At 11:26 PM 6/17/00, you wrote:
> > I've got a question here. What, if any, are the advantages of using two
> > NICs? On the firewall we run here (FreeBSD) we are only using a single NIC
> > for both directions: to the network and to the Net (and we run video
> > conferencing video, so traffic is heavy). As I see it, adding a second NIC
> > only serves to add latency to the net access. Unless your traffic volume
> > exceeds 10 or 100 mbs in any one direction (depending on your net speed),
> > the card, even in half duplex mode, should be more than able to handle the
> > traffic. I've asked this question before in other groups and no one could
> > give me an answer that held water. Thanks; hope this isn't off topic. If it
> > is, please ignore, and I apologize.
> >
> > James
>
>Well, I changed the topic to something appropriate.
>
>Let's say that you use One NIC and give it two addresses... If
>it has only one address, I am sailing by any firewall you set up
>on that box, BSD or not, because that means all your machines
>have network addresses reachable from outside.
>
>If not--and you have two addresses on the card, one for local
>under the "experimental" addresses which are reserved from use on
>the internet, like
>
>192.168.0.0-192.168.255.255
>176.16.0.0-176.31.255.255
>10.0.0.0-10.255.255.255
>
>and the other a real internet address. This means incoming
>traffic from the internet is recognized and processed, then
>retransmitted on the same NIC to the local station if not
>filtered out. This is equivalent to having two NICs since you
>have the latency. In fact this rig is sometimes called the "poor
>man's router"..... I would hazard a guess that this is the
>configuration of your firewall. It is more secure than attaching
>the interface to the internet router through a hub and attaching
>the locals onto the same hub.
>
>Now if your "firewall" is on a hub with the local stations and
>the hub also connects to the internet router, then Mr. Aloysius
>Blackhat out on the internet figures out your local subnet and
>configures a similar subnet on his end--working a similar
>"firewall/router" combo, and into your subnet he comes with an
>EASY CRACK--he's just another one of the localhost folks.
>
>I don't see any of these configurations getting away from
>latency, which is rather unimportant at the speeds we speak of
>and easily resolved with a little buffering. The internet has
>plenty of logjams that will affect your setup far worse.
>
>Civileme
Thanks, this is actually the first "reasonable" explanation I've
gotten. Usually I just get the answer of either "security" or the traffic
explanation I stated above. Thanks. Oh, and latency is a large concern
with Real Time video. Otherwise you are definitely right.
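
Added example, not part of the original messages: a small Python model of the point in the quoted reply, that a filter can reject a forged inside source address only when outside traffic arrives on its own interface. The interface names `ed0`/`ed1`, the inside subnet, and the sample packets are constructed assumptions.

```python
import ipaddress

# Assumed inside subnet for this example (not taken from the thread).
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")

# Which interface each side of the firewall is attached to (assumed names).
LAYOUTS = {
    "two_nic": {"inside": "ed0", "outside": "ed1"},
    "one_nic": {"inside": "ed0", "outside": "ed0"},  # shared segment/hub
}

# Constructed sample traffic: (label, true origin, claimed source address).
SAMPLE = [
    ("legit_out", "inside", "192.168.1.10"),   # real local station
    ("inbound", "outside", "203.0.113.5"),     # ordinary internet host
    ("forged", "outside", "192.168.1.77"),     # outside host claiming a local address
]


def antispoof_verdict(ingress_if, src, outside_if):
    """Ingress rule: drop anything that arrives on the outside interface
    while claiming a source address inside INSIDE_NET."""
    if ingress_if == outside_if and ipaddress.ip_address(src) in INSIDE_NET:
        return "drop"
    return "pass"


def run(layout):
    """Apply the rule to SAMPLE as the firewall would see it in this layout."""
    results = {}
    for label, origin, src in SAMPLE:
        ingress_if = layout[origin]  # the only origin information the filter gets
        results[label] = antispoof_verdict(ingress_if, src, layout["outside"])
    return results


def distinguishable(layout):
    """True if the filter treats the real local station and the forgery differently."""
    verdicts = run(layout)
    return verdicts["legit_out"] != verdicts["forged"]


if __name__ == "__main__":
    for name, layout in LAYOUTS.items():
        print(name, run(layout), "separable:", distinguishable(layout))
```

With one interface the rule either drops the real local station along with the forgery or has to be left out, which lets the forgery through.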