| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111201144745.GK589422@jupiter.n2.diac24.net> Date: Thu, 1 Dec 2011 15:47:45 +0100 From: David Lamparter <equinox@...c24.net> To: Greg Scott <GregScott@...rasupport.com> Cc: David Lamparter <equinox@...c24.net>, netdev@...r.kernel.org Subject: Re: ebtables on a stick On Thu, Dec 01, 2011 at 08:39:07AM -0600, Greg Scott wrote: > I wonder what's different this morning? A bunch of firewall conntrack > entries would have expired by now. I was changing rules fast and > furious last night, maybe there were some stale conntrack entries that > messed with my head. But this morning it's working as expected. > > Must be an important project, otherwise it wouldn't give me all this > trouble. Heh. Nice to see you got it to work. A few last words about the subnet mask on the windows box: The 1.2.115.144/28 subnet is on eth0 on your router. The windows host with 1.2.115.157 is _not_ connected to that subnet. It is on eth1 on your router, and it can't reach any hosts from 1.2.115.144/28 without going through your router, so /32 is the correct configuration there. That /32 just means "on my ethernet segment i'm alone with that address". If the windows box has /28 as subnet mask, it will try to ARP for other hosts from that subnet, instead of going through the router. So, that'll break connectivity to them... -David -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists