On Tue, May 28, 2002 at 07:07:38PM -0400, George Georgalis wrote:

> A nice benefit will be the ease of running an IDS on the firewall. (not
> that it wouldn't be easily circumvented ...I'm using a configurable
> switch so no help there)
>
> A mention of dropping the route to LAN on internal machines, leaving
> the gw, and adding a forward chain on the firewall would be nice in
> http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html

Most of the time you don't want all your (local) traffic to flow through the firewall and back (generating tons of ICMP redirects). Another reason is that this solution might only work for the single-subnet topology and not when you have several internal subnets. The solution provided by Rusty in that web page is the general, elegant solution.

Ramin

> Thanks again,
> // George
>
> --
> GEORGE GEORGALIS, System Admin/Architect cell: 347-451-8229
> Security Services, Web, Mail, mailto:[EMAIL PROTECTED]
> File, Print, DB and DNS Servers. http://www.galis.org/george
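The exchange above is about the classic "DNAT onto the same network" (hairpin) case: an internal client connects to the firewall's public address, the firewall DNATs the packet to an internal server, and the server's reply goes straight back across the LAN instead of through the firewall. The following toy model is an added example, not code from the thread or from the netfilter project; the addresses (192.168.1.0/24, firewall 192.168.1.254 / 203.0.113.4, server 192.168.1.1, client 192.168.1.5) are constructed. It compares three setups: DNAT only, DNAT plus a hairpin SNAT of same-subnet traffic to the firewall's LAN address (the approach the netfilter NAT-HOWTO documents for this case; the thread does not quote Rusty's rules, so treating this as the solution Ramin refers to is my assumption), and George's variant of removing the LAN route from the hosts so every packet transits the firewall.

```python
"""Toy model of the 'DNAT onto the same network' (hairpin) problem.

Constructed topology (all addresses are made up for this example):
  LAN 192.168.1.0/24, firewall inside 192.168.1.254 / outside 203.0.113.4,
  web server 192.168.1.1 published via DNAT of 203.0.113.4:80,
  client 192.168.1.5 connecting to the published address from inside.
"""
from dataclasses import dataclass, replace
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")
FW_LAN_IP = ipaddress.ip_address("192.168.1.254")
FW_EXT_IP = ipaddress.ip_address("203.0.113.4")
SERVER_IP = ipaddress.ip_address("192.168.1.1")
CLIENT_IP = ipaddress.ip_address("192.168.1.5")


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    sport: int
    dport: int


class Host:
    """End host. With a LAN route it delivers same-subnet traffic directly;
    without one, everything (even LAN-to-LAN) is handed to the default gateway."""

    def __init__(self, ip, has_lan_route):
        self.ip = ip
        self.has_lan_route = has_lan_route

    def next_hop(self, pkt):
        if self.has_lan_route and pkt.dst in LAN:
            return pkt.dst          # delivered directly on the LAN
        return FW_LAN_IP            # handed to the firewall


class Firewall:
    """PREROUTING DNAT for the published service, optional POSTROUTING hairpin
    SNAT, and a minimal conntrack table so replies are translated back."""

    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # original (src, sport, dst, dport) -> translated (src, dst)
        self.transits = 0    # packets of the current connection that crossed the firewall

    def handle(self, pkt):
        self.transits += 1
        # Reply direction: match the packet against the translated side of an entry
        # and undo both translations.
        for (osrc, osport, odst, odport), (tsrc, tdst) in self.conntrack.items():
            if (pkt.src, pkt.sport, pkt.dst, pkt.dport) == (tdst, odport, tsrc, osport):
                return replace(pkt, src=odst, dst=osrc)
        # Original direction: DNAT the published port, then decide on hairpin SNAT.
        new_dst = SERVER_IP if (pkt.dst == FW_EXT_IP and pkt.dport == 80) else pkt.dst
        new_src = pkt.src
        if self.hairpin_snat and pkt.src in LAN and new_dst in LAN:
            new_src = FW_LAN_IP     # forces the server's reply back through the firewall
        self.conntrack[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = (new_src, new_dst)
        return replace(pkt, src=new_src, dst=new_dst)


def run(hosts_have_lan_route, hairpin_snat, target):
    """Open one TCP connection from the client to `target` and return
    (reply_accepted, firewall_transits).

    The client's socket only accepts a SYN/ACK that comes from the address and
    port it connected to; anything else is what the TCP stack drops (or RSTs)."""
    client = Host(CLIENT_IP, hosts_have_lan_route)
    server = Host(SERVER_IP, hosts_have_lan_route)
    fw = Firewall(hairpin_snat)
    syn = Packet(client.ip, target, 40000, 80)
    if client.next_hop(syn) == FW_LAN_IP:
        syn = fw.handle(syn)
    if syn.dst != server.ip:
        return False, fw.transits           # never reached the server
    synack = Packet(server.ip, syn.src, 80, syn.sport)
    if server.next_hop(synack) == FW_LAN_IP:
        synack = fw.handle(synack)
    accepted = (synack.src, synack.sport, synack.dst) == (target, 80, client.ip)
    return accepted, fw.transits


if __name__ == "__main__":
    print("DNAT only, normal routing:      ", run(True, False, FW_EXT_IP))
    print("DNAT + hairpin SNAT:            ", run(True, True, FW_EXT_IP))
    print("No LAN route, published address:", run(False, False, FW_EXT_IP))
    print("No LAN route, plain LAN traffic:", run(False, False, SERVER_IP))
    print("LAN route, plain LAN traffic:   ", run(True, False, SERVER_IP))
```

With DNAT alone the SYN/ACK arrives from 192.168.1.1 while the client is waiting for 203.0.113.4, so the connection never completes. Hairpin SNAT fixes it with the firewall seeing only the two packets of the connection that actually need translation. Dropping the LAN route also fixes it, but then even a plain connection to the server's real address crosses the firewall twice (the counter goes from 0 to 2), and a router forwarding a packet back out the interface it arrived on is exactly the situation in which it emits ICMP redirects, which is Ramin's objection.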
