Re: [SLUG] Wireless Routers and Bridges

• Next message: Branko: "Re: [SLUG] Re: A real HARD(ware) question"
• Previous message: steve szmidt: "Re: [SLUG] Wireless Routers and Bridges"
• In reply to: steve szmidt: "Re: [SLUG] Wireless Routers and Bridges"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>
>
> A router routes traffic between different subnets. It has an ip
address on
> each network. You tell your computer how to A. get out of your subnet
to find
> all the others, or B. to find one or more specific subnets.
>
> A bridge connects different network topologies, like fiber and twisted
pair,
> and does not have any ip address.
>
> Now you cannot use a bridge as a router, again due to the fact that it
does
> not have an ip. You cannot say go to this ip to get to someplace.
>
> Now, things are changing as people realizes things you can do by
mixing up
> these features. F.ex. in OpenBSD you can have a bridge as a firewall.
It's
> now a firewall that you cannot reach from the network so it's very
safe.
>
> It's also an excellent way of firewalling off a portion of your
network by
> invisibly inserting it f.ex. outside the accounting network.
>
> --
>
> Steve Szmidt

It may be helpful to remember that a bridge is a Layer 2 device
and works with MAC addresses (also known as ethernet
addresses and hardware addresses, a 48 bit number, 8x6). A router
is a Layer 3 device and works at the Network level with IP
addresses (32 bit numbers, 8x4) . A MAC address is not visible
past your local router gateway and works just on the local LAN.

ARP (and reverse ARP) is the mechanism by which MAC addresses,
which your NIC card needs to work, are mapped to IP addresses,
which people work with.

One advantage of bridging firewalls such as the OpenBSD model
is that the interfaces have no assigned IP address which makes
re-numbering easier if you insert such a device in your network
access point. Such a firewall is much harder to attack, as Steve said.

The mangle function in iptables allows offsetting the TTL of
traffic transiting the firewall by one which makes the firewall
"invisible" to traceroutes.

- Bob ---sent 1347 EST Sat

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.

• Next message: Branko: "Re: [SLUG] Re: A real HARD(ware) question"
• Previous message: steve szmidt: "Re: [SLUG] Wireless Routers and Bridges"
• In reply to: steve szmidt: "Re: [SLUG] Wireless Routers and Bridges"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:07:31 EDT