RE: splitting a subnet in an odd way

To: 'Leonardo Boselli' <leo@dicea.unifi.it>, debian-isp@lists.debian.org
Subject: RE: splitting a subnet in an odd way
From: Thomas Lamy <Thomas.Lamy@netwake.de>
Date: Sun, 28 Sep 2003 14:11:33 +0200
Message-id: <[🔎] 656F04F343FC25409463829A15B5FDDC3F95F4@netwake-nt.netwake.de>

Leonardo Boselli wrote:
> 
> You forget one thing: there are 10 other machines (addresses 3 to 13) 
> that need not to be firewalled, and must be accessible from 
> ANY pother 
> ost either internally and externally, without passing the FW.
> The second group really is not a problem, since are just virtual 
> addresses for a machine in the first group, that self-firewall !
> However user in the third, internal group should access these 
> machines 
> direclty.
> About proxy-arping 230 machines: what commands would you suggest 
> for dcoing that , the way i used for a small group did havoc on some 
> network monitoring tools !
> 
I think the best solution would be a briding firewall. No need for 230
proxy-arps, and (if correctly set up) nearly invisible to the outside world.

See
<http://lists.debian.org/debian-firewall/2003/debian-firewall-200301/msg0004
4.html> for more info and links.


Thomas

Reply to:

Prev by Date: Re: How to modify input-chain to simulate "lost packets"?
Next by Date: Re: How to modify input-chain to simulate "lost packets"?
Previous by thread: Re: splitting a subnet in an odd way
Next by thread: Where to get 'DCC' and 'pyzor' packages from?
Index(es):
- Date
- Thread