[lug] fc and iptables

Zan Lynx zlynx at acm.org
Tue Sep 19 13:07:21 MDT 2006


On Tue, 2006-09-19 at 12:58 -0600, Ken MacFerrin wrote:
[snip]
> Another
> iptables "gotcha" when using multiple IPs on the same NIC is that you
> cannot provide any subnet security between them.  If you have a
> 192.168.0.x network on eth0 and a 10.x.x.x network on eth0:0, then a
> client on your 192 network could just manually change their ip to
> 10.0.0.2 and access your 10.x network.

Yep.

And that is what managed switches with VLAN tagging are for.  Use either
port based, MAC based, or 802.1X authentication.  Then your routers or
servers can separate traffic based on the VLAN, not only the IP address.
-- 
Zan Lynx <zlynx at acm.org>
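An added example illustrating the two configurations the thread compares; it is not code from either poster. It assumes eth0 is the physical NIC, that the 10.x network is carried on 802.1Q VLAN ID 10 (subinterface eth0.10), and that the 192.168.0.x network stays untagged; the addresses and ports are made up. Set DRY_RUN=1 to print the commands instead of running them (otherwise they need root, iproute2 and iptables).

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed layout: eth0 is the
# physical NIC, VLAN ID 10 carries 10.0.0.0/8, 192.168.0.0/24 is untagged.
# DRY_RUN=1 prints each command instead of executing it.

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The "gotcha" configuration: a second address on the same NIC (the old
# eth0:0 alias style) and iptables rules that trust a subnet by source
# address. Both subnets arrive on eth0, so a host on the 192.168.0.x
# segment that sets its own address to 10.0.0.2 matches the 10.x ACCEPT.
weak_rules() {
    run ip addr add 192.168.0.1/24 dev eth0
    run ip addr add 10.0.0.1/8 dev eth0 label eth0:0
    run iptables -A INPUT -i eth0 -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
    run iptables -A INPUT -i eth0 -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
}

# The VLAN configuration: the 10.x network rides a tagged subinterface and
# the rules key on the interface, not only on the address. Which frames
# carry tag 10 is decided by the switch (port-, MAC- or 802.1X-based
# assignment), so a client cannot move itself into the 10.x network by
# editing its IP settings.
vlan_rules() {
    run ip link add link eth0 name eth0.10 type vlan id 10
    run ip link set eth0.10 up
    run ip addr add 192.168.0.1/24 dev eth0
    run ip addr add 10.0.0.1/8 dev eth0.10
    # 10.x traffic is only legitimate when it arrives tagged on eth0.10 ...
    run iptables -A INPUT -i eth0.10 -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
    # ... so a 10.x source on the untagged interface is a spoofed address.
    run iptables -A INPUT -i eth0 -s 10.0.0.0/8 -j DROP
    run iptables -A INPUT -i eth0 -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT
    # Strict reverse-path filtering discards a packet whose source address
    # would be routed back out a different interface than it arrived on;
    # a 10.0.0.2 source arriving untagged on eth0 never reaches INPUT.
    run sysctl -w net.ipv4.conf.all.rp_filter=1
}

# Count how many filter rules a configuration installs; handy for a quick
# sanity check of the generated rule set in DRY_RUN mode.
count_iptables_rules() {
    DRY_RUN=1 "$1" | grep -c '^iptables'
}
```

The interface-keyed rules and rp_filter only help because the switch, not the client, decides which frames are tagged: the access port serving the 192 segment must be configured so that a host cannot inject its own 802.1Q tags, otherwise eth0.10 sees whatever the client chooses to send.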

