Re: Firewall or bridge?
-----BEGIN PGP SIGNED MESSAGE-----
I can't speak for better.
we went the way we did because we have a fixed IP network and NAT would
have meant reconfiguring all the desktop machines.
in turn if the firewall should fail (we weren't entirely confident and
this was out first venture into this sphere) then the desktop network
would have needed to be reconfigured before normal operations could resume.
If you want to get a firewall in with no disruption to the network then
the bridging solution works very well.
If you're willing to disrupt the existing network then NAT is proabaly
easier for much the same benefit.
Does that help?
Antony Gelberg wrote:
> ----- Original Message -----
> From: "John Griffiths" <email@example.com>
> To: "David Gaudine" <firstname.lastname@example.org>
> Cc: <email@example.com>
> Sent: Tuesday, April 15, 2003 2:37 AM
> Subject: Re: Firewall or bridge?
>>-----BEGIN PGP SIGNED MESSAGE-----
>>you can get bridging code to compile a new kernel with.
>>then you can run firewall scripts over the top of that.
>>google and you shall find.
>>My office built up a HP p200 into a bridging firewall for our desktop
> One of my customers uses NAT, and they want a firewall. Is the above a
> better solution than creating another subnet between the firewall and the
> existing one, and routing?
"I live in the Managerial Age, in a world of "Admin." The
greatest evil is not now done in those sordid "dens of
crime" that Dickens loved to paint. It is not done even in
concentration camps and labour camps. In those we see its
final result. But it is conceived and ordered (moved,
seconded, carried, and minuted) in clean, carpeted, warmed
and well-lighted offices, by quiet men with white collars
and cut fingernails and smooth-shaven cheeks who do not need
to raise their voices. Hence, naturally enough, my symbol
for Hell is something like the bureaucracy of a police state
or the office of a thoroughly nasty business concern."
- - C. S. Lewis
John "Johnboy" Griffiths - RiotACT Editor
Ph: 0412 690 643
ICQ UIN: 7933859
GPG Keyserver pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----