I have had shorewall running successfully on my linux firewall/router/server for several months now. As an aside, I like its straightforward approach to configuration. Today I added a 1:1 NAT connection to an Exchange 2007 server, with hardly any problems at all (well, I initially forgot to include the ACCEPT rule for the server, thinking the entry in the nat file took care of everything, but re-reading the shorewall manual let me catch that mistake).
My question is this: are there any significant downsides (particularly security downsides) to doing 1:1 NAT as opposed to Proxy ARP? I'm ignoring DNAT, perhaps inappropriately, because I think it would be hard to get RPC over HTTP to work using DNAT. I didn't go the Proxy ARP route because (a) 1:1 NAT struck me as simpler (two config file entries and I'm done) and (b) because I have to have the Exchange server available to clients behind the firewall I'd have to multihome the Windows box (i.e., give it both a valid external IPv4 address and a valid LAN-local IPv4 address), and I wasn't sure how Exchange would react to that.

- Mark
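For readers comparing the two approaches Mark describes, here is an added illustration (not from the original post) of the "two config file entries" for 1:1 NAT beside the equivalent Proxy ARP entry, in shorewall's own file formats. The addresses, interface names and zone names are constructed placeholders, and the port list assumes only HTTPS (for RPC over HTTP) and SMTP need to reach the server; the point is that in both cases the nat or proxyarp entry only handles address mapping, and nothing reaches the server until an explicit ACCEPT rule in /etc/shorewall/rules allows it, so that rule should be as narrow as the server's role permits.

```conf
# /etc/shorewall/nat  (1:1 NAT variant)
# EXTERNAL        INTERFACE   INTERNAL      ALL INTERFACES   LOCAL
# 203.0.113.10 and 10.0.0.10 are constructed placeholder addresses.
# ALL INTERFACES=No: LAN clients use the internal address directly,
# so the Windows box stays single-homed on the LAN address.
203.0.113.10      eth0        10.0.0.10     No               No

# /etc/shorewall/proxyarp  (Proxy ARP variant, shown for comparison;
# here the server itself would carry the public address 203.0.113.10)
# ADDRESS         INTERFACE   EXTERNAL      HAVEROUTE
# 203.0.113.10    eth1        eth0          No

# /etc/shorewall/rules  (needed with EITHER variant: the mapping alone
# opens nothing, traffic is still filtered by zone policy)
# ACTION   SOURCE   DEST            PROTO   DEST PORT(S)
# Assumption: only HTTPS (RPC over HTTP) and SMTP are published.
ACCEPT     net      loc:10.0.0.10   tcp     443,25
# With the Proxy ARP variant the DEST column would name the public
# address instead, e.g.  loc:203.0.113.10
```

Everything else inbound to the server stays governed by the net-to-loc policy in /etc/shorewall/policy, which is where the security outcome of either approach is actually decided.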
