On 5/16/06, Travis H. <[EMAIL PROTECTED]> wrote:
> I can't decide if it would be best for the firewall to be transparant
> or not.
If you're talking about bridging, then that's in direct conflict with
your desire to admin it from the outside. The only way to admin a
bridging firewall is on the keyboard and monitor directly attached to
it. It is also impossible to download any packages/ports, or do just
about anything than filter/pass packets. I find it somewhat
irritating, like cutting off my hands so that someone else can't use
them to stab me in the eye.
Not entirely true. You can certainly put an IP on the interfaces that
are participating in the bridge (I do exactly that to admin one of my
firewalls that I need transparency at layer 3 with). And the fact
that there are IPs on those interfaces don't prevent them from still
serving their purpose as a bridge.
--Bill
