On Thu, 31 Mar 2005 11:52:54 +1200, Kim Robertson <[EMAIL PROTECTED]> wrote: > I am trying to do one internet connection and two private lans, but > there is some "crap" ie viruses etc on one lan and I don't want that to > come through easily. Therefore I want to have one commection for my > private local lan, one for the unsecure lan and one for the internet.
You know, that almost sounds like you only have *one* unsecured lan that you don't want to be able to contact the other one (except in circumstances you specify), but not vice versa. ie. you don't want your "bad lan" to be able to contact your "good lan", but would you care if your "good lan" was able to contact the "bad lan"? (and they're both firewalled from the net). Because the way I read your description above, it sounds like a stock standard DMZ setup. You can do it out-of-the-box with IPCOP, just put your "good lan" on green, public internet on red, and your "bad lan" with the "crap" on orange, the DMZ. No? Just checkin the problem isn't simpler than people are assuming :-) Cheers, Gareth
