Date:	Thu, 1 Dec 2011 17:50:40 +0100
From:	David Lamparter <equinox@...c24.net>
To:	Greg Scott <GregScott@...rasupport.com>
Cc:	David Lamparter <equinox@...c24.net>, netdev@...r.kernel.org
Subject: Re: ebtables on a stick

On Thu, Dec 01, 2011 at 09:29:59AM -0600, Greg Scott wrote:
> > That /32 just means "on my ethernet segment i'm alone with that
> > address". If the windows box has /28 as subnet mask, it will try to ARP
> > for other hosts from that subnet, instead of going through the router.
> > So, that'll break connectivity to them...
> 
> I never did get this. Right now, it's a test Windows box, but eventually
> it will be something else.  It's connected to eth1 and needs to go
> through the router - right - so how does it find its gateway at
> 1.2.115.146 on eth0?  And setting the mask to /32 makes it even
> stranger.
> 
> As long as I can get to it - why don't I try setting it to /32 and let's
> see what happens.  Worst case, I have to jump in the car I guess.  Well,
> Windows won't allow a mask of 255.255.255.255.  I wonder how the real
> stuff I'll eventually connect at that IP Address will behave with a /32
> mask?

The default gateway is always assumed to be on-link / arp-able. Because
if it wasn't, it wouldn't be a usable default gateway...

On the box I'm writing this mail from right now:

# ip -4 a l eth0; ip r l match 0.0.0.0; ip r l exact 10.255.255.1
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    inet 87.106.131.203/32 scope global eth0
default via 10.255.255.1 dev eth0
10.255.255.1 dev eth0  scope link

(that config is pushed through DHCP)

> I wonder what happens with some of the stuff I'm NATing?  There's a
> website at public IP 1.2.115.151, private 192.168.10.8.  Pinging
> 1.2.115.151 and then arp -a; it shows the firewall eth1 MAC Address.
> Makes sense - it is NATed after all.

I don't work with windows and have no clue what's happening there :)

Well, as long as it works, I guess that's fine.


-David
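
Added example, not part of the original mail: a small model of the route lookup discussed above, showing which address a host ARPs for under a /28 versus a /32 mask with an on-link gateway route. The host address 1.2.115.148 and the destination 198.51.100.7 are constructed for illustration; the helper names are hypothetical.

```python
import ipaddress


def host_routes(address, gateway):
    """Build the routes a host ends up with: the connected route implied by
    its mask (none for /32), an on-link host route to the gateway, and a
    default route via that gateway. A gateway of None means 'on-link'."""
    iface = ipaddress.ip_interface(address)
    routes = []
    if iface.network.prefixlen < 32:
        routes.append((str(iface.network), None))
    routes.append((gateway + "/32", None))   # like "10.255.255.1 dev eth0 scope link"
    routes.append(("0.0.0.0/0", gateway))    # like "default via 10.255.255.1 dev eth0"
    return routes


def next_hop(routes, dst):
    """Longest-prefix match. Returns the address the host will ARP for,
    or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    # On-link route: ARP for the destination itself. Otherwise ARP for the gateway.
    return str(dst) if best[1] is None else best[1]


if __name__ == "__main__":
    gw = "1.2.115.146"
    for mask in ("/28", "/32"):
        routes = host_routes("1.2.115.148" + mask, gw)  # constructed host address
        print(mask, "-> ARP for", next_hop(routes, "1.2.115.151"))
```

With the /28 mask the host ARPs for 1.2.115.151 directly and the router never sees the traffic; with /32 every destination resolves to the gateway.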