On Fri, Aug 6, 2010 at 7:40 PM, Nathan Eisenberg <nat...@atlasnetworks.us> wrote:

>> That's poetry.
>
> It might be, if it were true. I'm not sure that it is, though.
>
> From a distribution layer (/30 for routing to a firewall from a router), I
> can't think of what you'd need to intentionally do to allow bypass of the
> firewall that has anything to do with VLANs. If I somehow moved the router
> into one of the 'internal' networks, bypassing the firewall, the router would
> have no route to a host, nor would the host have a route to the router. The
> only exception would be if you're running a L2 bridging firewall, but then I
> don't think the concept of VLANs is even applicable...
>
You're missing the entire point. If you have one switch, VLAN 2 is your LAN, and VLAN 3 is your unfiltered Internet, and you put both 2 and 3 untagged on the same port... there ya go. From there the amount of damage possible and ease of it happening depends on what kind of Internet connection you have.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
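The misconfiguration described in the reply above (one switch, the LAN VLAN and the unfiltered Internet VLAN both untagged on the same port, so the two broadcast domains merge and traffic never crosses the firewall) is something a switch-config audit can catch before it bites. The following is an added example, not code from the thread or from the pfSense project: it parses a small, constructed ProCurve-style VLAN configuration (hypothetical format and port numbers) and reports every port that is an untagged member of more than one VLAN. The function names `parse_vlans`, `expand_ports` and `find_multi_untagged_ports` are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the thread). VLAN 2 is the LAN,
# VLAN 3 the unfiltered Internet feed. Port 8 is untagged in both by mistake,
# which is exactly the bypass scenario the reply describes. Port 24 carries
# both VLANs tagged, as a firewall trunk would, and is fine.
SAMPLE_CONFIG = """\
vlan 2
   name "LAN"
   untagged 1-8
   tagged 24
   exit
vlan 3
   name "WAN"
   untagged 8-12
   tagged 24
   exit
"""


def expand_ports(spec):
    """Expand a port list such as '1-8,12' into [1, 2, ..., 8, 12]."""
    ports = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            ports.extend(range(int(lo), int(hi) + 1))
        else:
            ports.append(int(part))
    return ports


def parse_vlans(config_text):
    """Return {vlan_id: {"name": str, "untagged": set(ports), "tagged": set(ports)}}.

    Only the 'vlan N' / 'name' / 'untagged' / 'tagged' / 'exit' lines of the
    hypothetical format above are understood; anything else is ignored.
    """
    vlans = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"vlan\s+(\d+)$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = {"name": "", "untagged": set(), "tagged": set()}
            continue
        if current is None:
            continue
        m = re.match(r'name\s+"?([^"]*)"?$', line)
        if m:
            vlans[current]["name"] = m.group(1)
            continue
        m = re.match(r"(untagged|tagged)\s+(\S+)$", line)
        if m:
            vlans[current][m.group(1)].update(expand_ports(m.group(2)))
            continue
        if line == "exit":
            current = None
    return vlans


def find_multi_untagged_ports(vlans):
    """Ports that are untagged members of more than one VLAN.

    Returns a sorted list of (port, [vlan ids]). Any such port merges the
    listed VLANs into one L2 domain, so a host on one can reach the other
    without passing through whatever firewall sits between them.
    """
    vlans_by_port = defaultdict(set)
    for vid, info in vlans.items():
        for port in info["untagged"]:
            vlans_by_port[port].add(vid)
    return sorted((port, sorted(vids))
                  for port, vids in vlans_by_port.items() if len(vids) > 1)


def audit(config_text):
    """Human-readable findings for one switch configuration."""
    vlans = parse_vlans(config_text)
    findings = []
    for port, vids in find_multi_untagged_ports(vlans):
        names = ", ".join(f"{v} ({vlans[v]['name'] or 'unnamed'})" for v in vids)
        findings.append(f"port {port}: untagged in multiple VLANs: {names}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG) or ["no multi-untagged ports found"]:
        print(line)
```

Run against a real export, the only finding worth acting on is a port that is untagged in two VLANs at once; a trunk that carries both VLANs tagged (port 24 here) is the normal way to hand both to a firewall and is deliberately not flagged.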