[Gllug] Are IP Aliases a security risk?

[Dylan]

Hi All,

Currently, each machine on my lan is dual-homed, with two NIC's so that 
internal traffic runs over a switched 100Mb network, and external connections 
go to a gateway via a 10Mb hub (then to a 512ADSL, so there's little if any 
speed impact.)

To be honest, the dual cabling and config is getting a bit onerous to 
administer and maintain (often getting the physical connections swapped, etc) 
so I was wondering...

Instead of havin two NIC's:

eth0: GREEN: 192.168.x.y (internal, for NIS, nfs etc; no 'firewall' on this 
interface)
eth1: RED: 10.a.b.c (via DHCP, external through gateway running NAT and 
packetfilter; each machine having packet filter on the interface as well)

I can have:

eth0 [= eth0, above]
eth0:1 [= eth1, above]

My questions are:

A) Does this raise any security issues which aren't present in the dual-NIC 
setup?
B) How much speed impact might I expect assuming I was using the 100Mb switch?
C) At the moment, some machines are configured so that one or other interface 
is not started at boot (e.g. the nfs server does not start eth1 unless I do 
it manually for a software update, the machine which the lodgers use for web 
surfing doesn't start eth0 so they have no internal network access) Can I 
start eth0:1 without eth0?

Any other comments would be much appreciated.

Cheers

Dylan

-- 
Sweet moderation
Heart of this nation
Desert us not
We are between the wars
- Billy Bragg

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug