> The only documentation I can point you to for the border_router option
> is the shell-script source that builds the firewall rules.

So when you use the border_router option, what is the setting for IPFILTER_SWITCH in network.conf?

> Hmm...I suspect the ISP will consider anything coming down the wire to
> you as bandwidth that counts towards any quota, but you'd know better
> than I.

Peer networking is uncounted bandwidth for our ISP. Common with many ADSL ISPs in Australia.

> There are several ways to do what you want, all of which will generally
> 'break' conventional firewall setups (ie: no out-of-the box solution for
> you...custom tweaking required). The two main options are:
>
> 1) Route internal private-IP traffic from Server1 to the firewall, and
> use the firewall as your IPSec gateway.
>
> 2) NAT or masquerade IPSec traffic from Server1 on the firewall.
>
> Is there any particular reason you don't want to use the more
> conventional DMZ setup?:
>
> Internet
>     |
> firewall - public IP DMZ subnet - Servers
>     |
> private IP
> internal net
>
> The firewall can then serve as a VPN gateway for your internal network,
> your servers are on a protected DMZ, and all your firewall rules are in
> one place (rather than split between the firewall and Server1), for easy
> maintenance.

I probably should mention that the server1 connected to internal networks is a MS ISA server (hopefully not too much of a dirty word on this list!), with two network cards.

> #1 is a potential security risk, if your public IP network is running
> public servers (internal traffic is on the public IP network in the clear).

Given my internal network is separated from the public IP network by the ISA Server box (which is on both networks), is that still a problem?

-----
Craig
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html