
RE: full solution to the anna univ routing problem (long)




On Sun, 13 Aug 2000, Chitoor, Srikrishnan wrote:
> A related question.
> In this, there is talk only about having two ethernet cards for a firewall.
> Is that absolutely required?
> Can't we just have a linux box with one Network card, but two IP addresses
> (using IP aliasing)?
> If one network card will work fine, are there any disadvantages?
> Specifically, is it less secure than having two network cards?

a machine with a single ethernet card with two addresses does not really
qualify as a firewall. in this case, there is only a single physical
network which is directly connected to the internet (or the router that is
connecting to the line to the internet) and hence, there is no outside
zone and inside zone - only an outside zone. as i have hinted at in my
footnote to the detailed post, firewalls (single interface or multiple
interface) make little sense in the indian context. most of our intranets
seem to use local/reserved ip addresses and hence are invisible as far as
the internet is concerned. to quote from the firewall howto, "firewalls
are used for two purposes - (1)  to keep people (worms/crackers) out (2) 
to keep people (employees/children) in". if the intranet has hosts with
local addresses, purpose (1) is served even without a firewall.  with a
single interface firewall purpose (2) depends on how things other than the
firewall are configured. a double interface firewall provides full control
at the firewall machine.

sriram
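
The zone argument in the reply above, as an added example that is not part of the original post: a small model that searches for a path from an inside host to the router that never touches the firewall. The host names (`pc1`, `pc2`, `fw`, `router`), the segment names and both topologies are constructed for illustration.

```python
from collections import deque

# Constructed topologies: each key is one physical network (one wire/hub).
# With IP aliasing the firewall has two addresses but still sits on ONE segment.
SINGLE_NIC = {"lan": {"router", "fw", "pc1", "pc2"}}
DUAL_NIC = {"outside": {"router", "fw"}, "inside": {"fw", "pc1", "pc2"}}
FORWARDERS = {"router", "fw"}  # hosts that pass packets on for others


def bypass_path(segments, forwarders, src, dst, firewall):
    """Return a hop list from src to dst that avoids `firewall`, or None."""

    def neighbours(host):
        # Hosts sharing a physical segment can reach each other directly.
        for members in segments.values():
            if host in members:
                yield from members - {host}

    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        here = path[-1]
        if here == dst:
            return path
        # Only the sender itself or a forwarding host moves a packet onward.
        if here != src and here not in forwarders:
            continue
        for nxt in sorted(neighbours(here)):
            if nxt != firewall and nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def is_chokepoint(segments, forwarders, src, dst, firewall):
    """True when every path from src to dst has to cross the firewall."""
    return bypass_path(segments, forwarders, src, dst, firewall) is None


if __name__ == "__main__":
    for name, topo in (("single NIC + alias", SINGLE_NIC), ("two NICs", DUAL_NIC)):
        path = bypass_path(topo, FORWARDERS, "pc1", "router", "fw")
        print(f"{name}: bypass path = {path}")
```

In the single-card layout, whether `pc1` actually uses the direct path depends on its own gateway setting, which is configuration outside the firewall machine.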

