[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall or bridge?

Hash: SHA1

I can't speak for better.

we went the way we did because we have a fixed IP network and NAT would
have meant reconfiguring all the desktop machines.

in turn if the firewall should fail (we weren't entirely confident and
this was out first venture into this sphere) then the desktop network
would have needed to be reconfigured before normal operations could resume.

If you want to get a firewall in with no disruption to the network then
the bridging solution works very well.

If you're willing to disrupt the existing network then NAT is proabaly
easier for much the same benefit.

Does that help?

Antony Gelberg wrote:
> ----- Original Message -----
> From: "John Griffiths" <johnboy@the-riotact.com>
> To: "David Gaudine" <david@annette.concordia.ca>
> Cc: <debian-user@lists.debian.org>
> Sent: Tuesday, April 15, 2003 2:37 AM
> Subject: Re: Firewall or bridge?
>>Hash: SHA1
>>you can get bridging code to compile a new kernel with.
>>then you can run firewall scripts over the top of that.
>>google and you shall find.
>>My office built up a HP p200 into a bridging firewall for our desktop
> One of my customers uses NAT, and they want a firewall.  Is the above a
> better solution than creating another subnet between the firewall and the
> existing one, and routing?
> A

- --

"I live in the Managerial Age, in a world of "Admin." The
greatest evil is not now done in those sordid "dens of
crime" that Dickens loved to paint. It is not done even in
concentration camps and labour camps. In those we see its
final result. But it is conceived and ordered (moved,
seconded, carried, and minuted) in clean, carpeted, warmed
and well-lighted offices, by quiet men with white collars
and cut fingernails and smooth-shaven cheeks who do not need
to raise their voices. Hence, naturally enough, my symbol
for Hell is something like the bureaucracy of a police state
or the office of a thoroughly nasty business concern."

- - C. S. Lewis


John "Johnboy" Griffiths - RiotACT Editor

Ph: 0412 690 643
ICQ UIN: 7933859
email: johnboy@the-riotact.com
GPG Keyserver pgp.mit.edu
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Reply to: