From: Lennart Sorensen <lsorense@csclub.uwaterloo.ca>
To: Alex Davis <alex14641@yahoo.com>
Cc: netfilter@lists.netfilter.org, netdev@vger.kernel.org
Subject: Re: Firewall question
Date: Thu, 8 Jun 2006 15:26:28 -0400
Message-ID: <20060608192628.GA561@csclub.uwaterloo.ca>
In-Reply-To: <20060608185712.79340.qmail@web50207.mail.yahoo.com>

On Thu, Jun 08, 2006 at 11:57:12AM -0700, Alex Davis wrote:
> The scenario:
> I have a DSL modem in pass through (bridge) mode. The linux firewall/router
> has a single ethernet card. It is running pppoe. This gives two interfaces:
> eth0 and ppp0. The firewall is running iptables. There are several machines
> behind the firewall.
>
> Problem:
> I've been told that if someone whose public IP address is on the same
> network subnet as mine were to get my mac address, (s)he could bypass
> the firewall and talk directly to the machines behind it.
>
> Is this true?

Well the DSL modem only transfers whatever data the ISP end sends to it,
which in your case is just PPP packets (LCC or LCP I think). No one out
on the internet would be able to send ethernet data over the DSL link,
so the only way to send data to another machine on your network (that
the DSL modem is connected to physically) is if you have other machines
on your local network which are also running PPPoE and listening for
that traffic.

So the worst thing I can see happening is that someone on your local
network could potentially take over your PPPoE session, but that's about
it. I just can't see anything else that could happen. I used to run
exactly the setup you describe before I had to drop the DSL connection
(I moved).

Len Sorensen