Hi Anthony,

> Why would you have a process specifically binding to the ext.IP, independent
> of the route it's communicating to the client system ?

See my second mail (reply to myself) for one situation where I want that. In general, I _like_ my internal machines to easily be able to look at a source IP, and see whether it originated internally, or externally. IOW, I like the incoming TCP connections through my application level proxy to use the firewall's external IP address as the source, for the sake of packet filters on my internal nodes.

> Maybe there's a good reason for this somewhere, but it's not the way I've
> ever run things...

I do. It's very nice to have iptables so capable that it supports all our different ways of doing things.

all the best
Patrick
