On Tue, May 28, 2002 at 10:02:22PM +0100, Antony Stone wrote:
>On Tuesday 28 May 2002 9:56 pm, George Georgalis wrote:
>
>> Yeah, maybe I can just change the route on the LAN computers to always
>> use the firewall... :)
>
>No reason why not. Simply remove the local network route from the internal
>machines, set them to have a host-specific route pointing to the firewall,
>leave the default route going through that machine, and then all
>internal-external and internal-internal routes will go through that machine.
>
>So long as the firewall can handle the bandwidth for your internal traffic, I
>don't see a problem.
>
A nice benefit will be the ease of running an IDS on the firewall. (not that
it wouldn't be easily circumvented ...I'm using a configurable switch so no
help there)

A mention of dropping the route to LAN on internal machines, leaving the gw,
and adding a forward chain on the firewall would be nice in
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html

Thanks again,
// George

--
GEORGE GEORGALIS, System Admin/Architect   cell: 347-451-8229
Security Services, Web, Mail,              mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers.           http://www.galis.org/george
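The route change Antony describes on the LAN hosts, plus the forward chain George asks for on the firewall, as an added example (not code from this thread or from the netfilter HOWTO). The 192.168.1.0/24 network, the firewall address 192.168.1.1, the interface names and the DRY_RUN switch are assumptions; it also covers the ICMP redirect caveat that would otherwise quietly undo the host-side change.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Addresses, interface
# names and the DRY_RUN switch are assumptions. With DRY_RUN=1 (default)
# the commands are printed for review instead of executed, so the script
# can be checked on a machine without root; set DRY_RUN=0 to apply them.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# On each LAN host: add a /32 route to the firewall on the LAN interface,
# drop the connected-network route, and keep the default route via the
# firewall. From then on even LAN-to-LAN packets are handed to the firewall.
lan_host_routes() {
    lan=$1 fw=$2 dev=$3
    run ip route add "$fw/32" dev "$dev"
    run ip route del "$lan" dev "$dev"
    run ip route replace default via "$fw" dev "$dev"
    # The firewall hairpins LAN-to-LAN traffic out the same interface and
    # would normally answer with ICMP redirects, which re-install the direct
    # route on the host and silently bypass the firewall: refuse them.
    run sysctl -w "net.ipv4.conf.$dev.accept_redirects=0"
}

# On the firewall: stop sending redirects for the same reason, log each new
# LAN-to-LAN connection (the IDS-style visibility George mentions) and
# forward it. Internal-to-external forwarding is assumed to exist already.
firewall_forward_rules() {
    lan=$1 dev=$2
    run sysctl -w "net.ipv4.conf.$dev.send_redirects=0"
    run iptables -A FORWARD -i "$dev" -o "$dev" -s "$lan" -d "$lan" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$dev" -o "$dev" -s "$lan" -d "$lan" \
        -m state --state NEW -j LOG --log-prefix "LAN-LAN: "
    run iptables -A FORWARD -i "$dev" -o "$dev" -s "$lan" -d "$lan" \
        -m state --state NEW -j ACCEPT
}

# Usage: ./lanroute.sh host 192.168.1.0/24 192.168.1.1 eth0   (on a LAN host)
#        ./lanroute.sh firewall 192.168.1.0/24 eth1           (on the firewall)
case "${1:-}" in
    host)     lan_host_routes "$2" "$3" "$4" ;;
    firewall) firewall_forward_rules "$2" "$3" ;;
esac
```

Leave the ESTABLISHED rule before the NEW rules so replies are not logged twice, and check `iptables -L FORWARD -v` afterwards to confirm the counters on the LAN-to-LAN rules actually move.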
