> I've got a question here.  What, if any, are the advantages of using two
> NICs?  On the firewall we run here (FreeBSD) we are only using a single NIC
> for both directions. To the network and to the Net.  (And we run video
> conferencing video, so traffic is heavy.) As I see it, adding a second NIC
> only serves to add latency to the net access.  Unless your traffic volume
> exceeds 10 or 100 mbs in any one direction (depending on your net speed),
> the card even in half duplex mode should be more than able to handle the
> traffic.  I've asked this question before in other groups and no one could
> give me an answer that held water.  Thanks. Hope this isn't off topic; if it
> is, please ignore, and I apologize.
> 
> James
        
Well, I changed the topic to something appropriate.

Let's say that you use one NIC and give it two addresses...  If
it has only one address, I am sailing by any firewall you set up
on that box, BSD or not, because that means all your machines
have network addresses reachable from outside.

If not--and you have two addresses on the card, one for local
under the "experimental" addresses which are reserved from use on
the internet, like

192.168.0.0 - 192.168.255.255
176.16.0.0-176.31.255.255
10.0.0.0-10.255.255.255

and the other a real internet address.  This means incoming
traffic from the internet is recognized and processed, then
retransmitted on the same NIC to the local station if not
filtered out.  This is equivalent to having two NICs since you
have the latency.  In fact this rig is sometimes called the "poor
man's router".....  I would hazard a guess that this is the
configuration of your firewall.  It is more secure than attaching
the interface to the internet router through a hub and attaching
the locals onto the same hub.

Now if your "firewall" is on a hub with the local stations and
the hub also connects to the internet router, then Mr. Aloysius
Blackhat out on the internet figures out your local subnet and
configures a similar subnet on his end--working a similar
"firewall/router" combo, and into your subnet he comes with an
EASY CRACK--he's just another one of the localhost folks.

I don't see any of these configurations getting away from
latency, which is rather unimportant at the speeds we speak of
and easily resolved with a little buffering.  The internet has
plenty of logjams that will affect your setup far worse.

Civileme
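
The shared-hub layout from the reply above, compared with a firewall that has two NICs, as an added example that is not part of the original message. It models the wiring as a graph and lists the local stations the internet router can reach without passing through the firewall; the node names and both topologies are constructed for illustration.

```python
from collections import deque

def bypass_paths(links, firewall, outside, inside_hosts):
    """Return the inside hosts reachable from `outside` over the wiring
    in `links` without traversing the `firewall` node."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen = {outside}
    queue = deque([outside])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            # Never walk through the firewall: we only want paths around it.
            if nxt == firewall or nxt in seen:
                continue
            seen.add(nxt)
            queue.append(nxt)
    return sorted(h for h in inside_hosts if h in seen)

HOSTS = ["pc1", "pc2"]  # constructed local stations

# Constructed layout 1: firewall, local stations and the internet router
# all plugged into the same hub (one shared segment).
SHARED_HUB = [
    ("router", "hub"),
    ("fw", "hub"),
    ("pc1", "hub"),
    ("pc2", "hub"),
]

# Constructed layout 2: the firewall has two NICs, one cabled to the
# router and one to a hub that carries only the local stations.
TWO_NIC = [
    ("router", "fw"),
    ("fw", "lan_hub"),
    ("pc1", "lan_hub"),
    ("pc2", "lan_hub"),
]

if __name__ == "__main__":
    for name, links in (("shared hub", SHARED_HUB), ("two NICs", TWO_NIC)):
        exposed = bypass_paths(links, "fw", "router", HOSTS)
        print(f"{name}: hosts reachable around the firewall: {exposed or 'none'}")
```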
