Shorewall Guy wrote:
> Zones are security objects. So there is no reason to have separate
> security zones for the two classes of servers. They would be useless
> anyway since once a server is successfully rooted, the attacker has full
> access to the other servers on the LAN segment without going through the
> firewall.
>
> I will warn you that what you are trying to do can be a real PITA to get
> working if the NAT servers need to communicate with the Proxy ARPed
> servers or vice versa. In each server, you will need to configure direct
> routes to the servers of the other type. Split DNS is a must.

No problem using one zone, I just normally separate subnets/nics in different zones so had to adjust this :)

Thanks.

/Lars
