lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Dec 2011 10:09:35 -0600 From: "Greg Scott" <GregScott@...rasupport.com> To: "David Lamparter" <equinox@...c24.net>, "Michal Soltys" <soltys@....info> Cc: <netdev@...r.kernel.org> Subject: RE: ebtables on a stick ..and as much as I went into the proxy thing kicking and screaming, it does seem clean and simple now that I finally did it. The routing still has me confused - my public host is on the router's eth1, its gateway is on eth0, but it all still works. I should probably reboot that router at some point soon to make sure there aren't any hidden legacies from my old bridge config left over. - Greg -----Original Message----- From: David Lamparter [mailto:equinox@...c24.net] Sent: Friday, December 02, 2011 10:05 AM To: Michal Soltys Cc: Greg Scott; David Lamparter; netdev@...r.kernel.org Subject: Re: ebtables on a stick On Fri, Dec 02, 2011 at 04:40:13PM +0100, Michal Soltys wrote: > You should be able to avoid whole proxy thing altogether (on your > router), by doing: > > ip add add 1.2.115.157/32 dev eth0 > ip ro del table local 192.168.99.5/32 dev eth0 > ip route add 1.2.115.157/32 dev eth1 ... and any application that looks at the local interface addresses (e.g. ntpd, bind, etc.) will get thoroughly confused. Oh and worst-case (i don't know/didn't check) source address selection as well. I'd advise against it. > instead of: > > ip neigh add proxy 1.2.115.157 dev eth0 -David -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists