hello,

i'm new to this software and this mailing list. a client of mine was in
need of a firewall solution that led me to try out the bridge+nf solution,
and i've gotten it working pretty well; the basic design is three ethernet
cards, eth0 to the internet, eth1 to the internal LAN, and eth2 to the DMZ,
with eth0 and eth2 bridged together. conventional routing is used to get
packets to and from the internal LAN, which resides in RFC 1918 IP Address
space.

the one remaining question has to do with passing IPSec between the
internet and a server on the DMZ. since pretty much everything else has
worked in the obvious way, i'm guessing that this will too, but i thought
i'd ask before i fly to the client site next week to install the hardware i
just shipped him.

it's set up to pass traffic to port 500 UDP (isakmp/ike) and pass protos ESP
and AH. the IPs involved are all public, so no NAT is involved. in theory,
this is all that should be necessary. have i missed anything, or is it just
that easy?

i'm willing to offer up the config as a public howto if anyone wants (and
if i can get the experts to vet it for me first.)

thanks in advance,
richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
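
The filter rules the message describes (UDP 500 for IKE plus protocols ESP and AH, no NAT), sketched as an added example that is not part of the original post or the poster's configuration. The DMZ host address 192.0.2.10 is a constructed placeholder, and the default-DROP FORWARD policy, address-only matching and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration: print iptables FORWARD rules that pass IPsec between
# the internet and one DMZ host. Nothing is applied; the rules are only
# printed so they can be reviewed before use.
# Assumptions (not from the post): a default-DROP FORWARD policy, matching
# by address rather than by bridge port, and both IKE peers using UDP 500.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ipsec_passthrough_rules HOST: print rules for IKE (UDP 500), ESP
# (protocol 50) and AH (protocol 51) in both directions. No NAT-T rule
# (UDP 4500) is emitted because the addresses are public and un-NATed.
ipsec_passthrough_rules() {
    host=$1
    if ! is_ipv4 "$host"; then
        echo "invalid IPv4 address: $host" >&2
        return 1
    fi
    for dir in d s; do
        # -d matches traffic to the DMZ host, -s matches traffic from it.
        echo "iptables -A FORWARD -p udp -$dir $host --dport 500 -j ACCEPT"
        echo "iptables -A FORWARD -p 50 -$dir $host -j ACCEPT"
        echo "iptables -A FORWARD -p 51 -$dir $host -j ACCEPT"
    done
}

# Constructed sample address from the documentation range (TEST-NET-1).
ipsec_passthrough_rules 192.0.2.10
```

The printed rules are stateless, so each protocol needs its own rule in both directions; input that is not a plain dotted quad is rejected before any rule text is produced.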