Subject: RE: Second Ethernet Card
To: 'Steven M. Bellovin' <smb@research.att.com>
From: Young, Julian <Julian.Young@nl.compuware.com>
List: netbsd-users
Date: 06/26/2002 11:29:54
      
  ------          ------         ------
  |    |          |    |         |    |
  | A  |----------| B  |---------| C  |
  |    |          |    |         |    |
  ------          ------         ------

What I mean is that I can telnet from A to B, from B to A, from B to C but
NOT C to B

Now if I run ipfilter on B, using ipmon I can see the packet from C to B as
being passed using the rules

pass log first on ex0 from any to any keep state
pass log first on ex1 from any to any keep state

Note: this rule is out of my head so the syntax may not be precise but the
intent is the same, just pass and log. I have the same rule on both sides.

"J"

-- 
Julian Young (Julian.young@nl.compuware.com) 
Software Engineer  - Compuware Europe B.V.
Hoogooddreef 5. PO Box 12933 1100 AX  Amsterdam The Netherlands
Tel +31 (020) 3116302 Mobile +31 (06) 28843652
_______________________________________________________________
NetBSD - because Unix isn't just #include <linux.h>, i386, ELF, ...!
   -- Hubert Feyrer 



-----Original Message-----
From: Steven M. Bellovin [mailto:smb@research.att.com]
Sent: Tuesday, June 25, 2002 8:17 PM
To: Young, Julian
Cc: netbsd-users@netbsd.org
Subject: Re: Second Ethernet Card 


In message <D913221A882FD31198D90008C75D69090572F5EC@cwnl-ams-pri01.nl.compuware.com>,
"Young, Julian" writes:
>I have a second ethernet card in my system and whilst I can get out on to
>that side of the network nothing can get in. It seems that the daemons are
>not listening on it. No telnet, ftp, ssh in on that card (ex1) whilst ex0 is
>fine and has no problems.  Does anyone have any clue what I have missed in
>my setups?

What do you mean "not listening"?  Most daemons don't care about their 
IP address; they're bound to *.portnum, and will accept connections on 
any local address.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)


