Greetings,

In looking at the design of a DMZ with two separate firewalls and bastion hosts on the DMZ, I have questions as to the placement of masquerading rules. I know that _ALL_ traffic leaving the external firewall to hosts on the Internet is to be masqueraded. Does the same hold true for the internal firewall? If so, it would seem that the DMZ becomes, basically, an invisible network (as far as the Internet and internal networks are concerned).

Should the hosts on the DMZ be able to see the hosts on the internal network (barring some special SQL application for a web server's on-line ordering system)? Should the hosts on the internal network be able to see the hosts on the DMZ?

Thanks in advance

- Bennett -
