Re: eth-Devices and naming wishes

david parsons (o.r.c@p.e.l.l.p.o.r.t.l.a.n.d.o.r.u.s)
8 Mar 1999 19:03:44 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Bachman: "Kernel 2.0.36 Panic, need help."
Previous message: Kris Karas: "Re: select()/socket has problems under 2.2.x."

In article <linux.kernel.E10Jk4K-0008JN-00.1999-03-07-21-22-36@torres.gf1.internal>,
Marc Haber <Marc.Haber-usenet@gmx.de> wrote:
>Hi!
>
>I am building a firewall system based on Linux. My machine has two
>ne2k-pci-network cards, one of them being destined to be connected to
>the untrusted network. The drivers will be loaded as kernel modules.
>
>I am thinking about doing the following:
>- The trusted card will have its slot shield painted green; its MAC
> address will be known.
>- When the system boots, the ethernet drivers will be loaded and the
> interface that has the known MAC address of the will be marked in
> the system configuration as being connected to the trusted network.
>
>However, it seems that I can't control which ethx alias will be
>associated with the trusted network because both cards are PCI and
>their resource assignments are controlled by the system BIOS. Thus, I
>will have to jump through hoops to take care of this in every init and
>maintenance script which will prove a major pain and source of
>problems.

If you want to be clever, you can do what I did when I did the
WebShield project for McAfee Associates; if you have a trusted
host inside the firewall, you can have the firewall bring up
one interface at a time and ping for that machine. The interface
that gets a reply is the inside interface, and you can go on from
there.

I didn't use eth0 or eth1 for either interface. I defined, in a
configuration file somewhere, INTERNAL_IF and EXTERNAL_IF, which
were set by the initialization script that did the pinging (also
useful if either of the interfaces is going to be a token-ring
or arcnet interface...)

____
david parsons \bi/ And this is all done in userspace, so you can avoid
\/ some of the vagaries of the kernel.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Bachman: "Kernel 2.0.36 Panic, need help."
Previous message: Kris Karas: "Re: select()/socket has problems under 2.2.x."