Alex Shnitman wrote:
> Hi, Gilad!
>
> On Wed, Nov 29, 2000 at 12:50:32PM +0200, you wrote the following:
>
>
>> The second is to NOT configure your firewall as a router, but rather as
>> a layer 2 bridge with IP firewalling rules(*2) and not give it an IP at
>> all (bridges don't need to have an IP to function). Not having an IP
>> makes overtaking the machine, hm... difficult ;-)
>
>
> If the machine doesn't have an IP address, what default route do you
> set up on the other machines on the network so that they can go out?
The IP of your router. The hidden assumption here is that we are talking
about the usual office LAN, connected via Frame Relay/ISDN/DSL/SIfranet
or some such to a router on your premises (usually supplied by the ISP).
If you are trying to set up an El Cheapo PPP+dialup account+NAT sort
of LAN you'll have to have a dedicated machine to do the PPP and NAT and
basically be that router.
The setting I described doesn't save you from the need to have a router,
it just puts the responsibility of peripheral protection (Firewalling)
on something else, that is (almost) invisible from an IP network point of
view.
--
Gilad Ben-Yossef <[EMAIL PROTECTED]>
http://benyossef.com :: +972(54)756701
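
Added example, not part of the original message: a check that a bridging firewall set up as described above really carries no IP address, including the IPv6 link-local address Linux assigns automatically when an interface comes up. It runs over a constructed sample shaped like `ip -j addr show` output; the interface names (br0, eth0, eth1, eth2) and all addresses are assumptions.

```python
import json

# Constructed sample in the shape of `ip -j addr show` output (not from a real host).
# br0 bridges eth0 and eth1; eth2 is an unrelated interface outside the bridge.
SAMPLE_JSON = """
[
 {"ifname": "lo", "addr_info": [{"family": "inet", "local": "127.0.0.1", "prefixlen": 8}]},
 {"ifname": "eth0", "master": "br0", "addr_info": []},
 {"ifname": "eth1", "master": "br0", "addr_info": []},
 {"ifname": "br0", "addr_info": [
   {"family": "inet6", "local": "fe80::5054:ff:fe12:3456", "prefixlen": 64, "scope": "link"}]},
 {"ifname": "eth2", "addr_info": [{"family": "inet", "local": "192.0.2.10", "prefixlen": 24}]}
]
"""


def addressed_bridge_interfaces(ifaces, bridge):
    """Return {ifname: ["addr/prefix", ...]} for the bridge device and its
    member ports that carry any IPv4 or IPv6 address. An empty dict means the
    bridge is not reachable at the IP layer through those interfaces."""
    findings = {}
    for iface in ifaces:
        name = iface.get("ifname")
        # Only the bridge itself and interfaces enslaved to it are in scope.
        if name != bridge and iface.get("master") != bridge:
            continue
        addrs = [
            f'{a["local"]}/{a["prefixlen"]}'
            for a in iface.get("addr_info", [])
            if a.get("family") in ("inet", "inet6")
        ]
        if addrs:
            findings[name] = addrs
    return findings


if __name__ == "__main__":
    result = addressed_bridge_interfaces(json.loads(SAMPLE_JSON), "br0")
    if result:
        for name, addrs in sorted(result.items()):
            print(f"{name}: still addressed: {', '.join(addrs)}")
    else:
        print("br0 and its ports carry no IP addresses")
```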