In message <Pine.LNX.4.10.9909081131030.8384-100000@webrusso.unime.it>,
"Giuseppe Patane'" wrote:
>I use netboot to boot my cluster of Linux PCs. All of the PCs in the
>cluster are visible only inside my private network. But, the server
>containing the bootpd has two network cards and it is connected to the
>external LAN, too. Some questions about this:
>1) Can somebody on the external LAN change the MAC address of a network
>card and boot from my server as if it was a machine of mine?

In theory yes. (Almost) all network cards (or to be more precise: the
chipsets) allow the MAC address to be changed after booting.

>2) To avoid the previous problem, can I prevent the bootpd from listening
>to the card connected to the external LAN?

Either by configuring bootpd (I don't know if and how) or you could use
the kernel firewall features (e.g. the packet filtering) to block certain
ports on the outside interface.

Bernd
--
Bernd Petrovitsch
Institute of Computer Technology
Gußhausstraße 25-29, A-1040 Vienna
Email: bernd@ict.tuwien.ac.at
"The horizon of many people is a circle with radius zero - and that is
what they call their point of view." A. Einstein
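
Added example, not part of the original message: a check of whether the boot services on the dual-homed server are bound to all interfaces, in which case they also answer on the external card unless the packet filter drops those ports there. It parses Linux `/proc/net/udp` text; the sample lines and the internal address 192.168.1.1 are constructed, and a little-endian (x86) host is assumed.

```python
import socket
import struct

# UDP ports used by the network boot services (bootpd and the TFTP server).
BOOT_PORTS = {67: "bootps", 69: "tftp"}

# Constructed sample in /proc/net/udp format (not taken from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0101A8C0:0045 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1203
"""


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' from /proc/net/udp into (dotted_quad, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the IPv4 address as a host-order 32-bit word;
    # "<I" assumes a little-endian host such as x86.
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def audit_boot_listeners(proc_text, internal_addrs):
    """Return (service, bound_address, verdict) for each boot-service socket."""
    findings = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 2:
            continue
        addr, port = decode_endpoint(cols[1])
        if port not in BOOT_PORTS:
            continue
        if addr == "0.0.0.0":
            verdict = "all-interfaces"  # reachable from the external LAN too
        elif addr in internal_addrs:
            verdict = "internal-only"
        else:
            verdict = "other-address"
        findings.append((BOOT_PORTS[port], addr, verdict))
    return findings


if __name__ == "__main__":
    for service, addr, verdict in audit_boot_listeners(
            SAMPLE_PROC_NET_UDP, {"192.168.1.1"}):
        print(f"{service:7s} bound to {addr:15s} -> {verdict}")
```

On the server itself, pass the contents of `/proc/net/udp` and the address of the internal card instead of the sample; any `all-interfaces` result is a port to block on the outside interface.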