> Finally, on a workstation on the private LAN, change the
> default gateway to point to the vpn servers and add the third
> IP number to it's
> LAN port.
>
> Now, from this workstation, you can go anywhere. The only
> thing the firewall admin will see is a really long DNS lookup.
An obstacle easily defeated by setting up your own
caching name server inside your network and disallowing
all traffic from anyone to the outside world, including
DNS, except from your caching nameserver.
If interested, the DNS-HOWTO explains this very well.
http://www.redhat.com/mirrors/LDP/HOWTO/DNS-HOWTO.html
~Patrick
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
