I have been helping a family member setup Air on his machine. He bought a year sub after I bragged about how good you guys are, so there, I am contributing to the cause. LOL!
I personally write my own IP table stuff for my firewall but I don't want to deal with issues on this guy's computer in that regard. Therefore I wanted to run conventional Eddie and its Lock feature. We did setup Debian for surfing around and its great.
Now to my questions. After connecting on Jessie and with Eddie and the Lock engaged I decided to see just how secure his machine is against his own LAN. We unticked/unchecked the LAN tab in the preferences of the client. Here are my observations. I ran a script I wrote on his desktop (I write executable scripts alot because then I can one click and run things I want to use without multiple lines and terminals). So I pounded against Eddie using a terminal: sudo arp -a && Nmap of the LAN IP/24. The Nmap results are exactly as I would have hoped, because the report only shows the computer he is running Nmap on. The other 4 devices, which were currently connected to the network LAN, and were active, did not even get seen due to the effectiveness of Eddie's Lock. So far, great. Where the arp part of the script is concerned I mostly saw ONLY the router/LAN IP (device IP number on LAN). No other devices, not even the exact computer where I ran the arp command. I have noticed that when running arp the computer being used doesn't seem to ever come back in the report/printout. I get the same result on his computer when I drop the Eddie client and then run arp -a. By same result I mean regarding the computer running the terminal. With Eddie down, all other devices obviously show up in the report on the terminal, as do all devices in Nmap in that instance.
This post may be more an arp question than an Eddie Lock question. If I continue to run this script (say 10 times) with Eddie and the Lock up, the arp report will on occasion pop up all the devices on his network. Hmmmmm? Nmap never fails and only shows the computer and no other devices, not even the router/LAN IP.
Assuming I start his computer fresh and then mount Eddie + Lock I see this: Nmap - only the computer's device IP on the LAN and nothing else. Arp - I see the router/LAN IP and nothing else. Therefore I applaud Eddie for holding up against inside pounding against the LAN device I am testing it against.
ARP learning question. Does repeated pounding against Eddie from the inside somehow crash something? I never see an arp failure against the Eddie client unless I sit there and repeatedly run that terminal over and over. Any way to diagnose this any further?
To clarify. I am totally happy with how great Eddie is at isolating a machine from a LAN if you ask it to. Good job at LAN isolation when desired.