Leonardo Boselli wrote: > > You forget one thing: there are 10 other machines (addresses 3 to 13) > that need not to be firewalled, and must be accessible from > ANY pother > ost either internally and externally, without passing the FW. > The second group really is not a problem, since are just virtual > addresses for a machine in the first group, that self-firewall ! > However user in the third, internal group should access these > machines > direclty. > About proxy-arping 230 machines: what commands would you suggest > for dcoing that , the way i used for a small group did havoc on some > network monitoring tools ! > I think the best solution would be a briding firewall. No need for 230 proxy-arps, and (if correctly set up) nearly invisible to the outside world.
See <http://lists.debian.org/debian-firewall/2003/debian-firewall-200301/msg0004 4.html> for more info and links. Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]