> From: Edward Ned Harvey (blu)
> Second, don't enable one-to-one NAT.

1-to-1 NAT means every packet destined for some external IP address will be 
NAT'd to some internal IP address.

This is how you effectively put an internal machine outside the firewall.  The 
only difference between 1-to-1 NAT and *actually* putting the machine outside 
the firewall is that the traffic still goes through the firewall, which means 
you're able to apply firewall rules, packet inspection, etc.

1-to-1 NAT exposes you to more risk than necessary, if all you want to do is 
serve port 80.

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
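
A check for the distinction drawn in this thread, as an added example that is not part of the original message: it reads `iptables-save` style NAT rules and flags DNAT entries that translate a whole external address instead of a single port. The choice of iptables is an assumption (the thread names no firewall product), and the rule text and addresses are constructed.

```python
import shlex

# Constructed iptables-save excerpt using documentation addresses (not from the thread).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -d 203.0.113.11/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.11:80
-A PREROUTING -d 203.0.113.12/32 -p tcp -j DNAT --to-destination 192.168.1.12
-A POSTROUTING -s 192.168.1.10/32 -j SNAT --to-source 203.0.113.10
COMMIT
"""

def _arg(tokens, *flags):
    """Return the value following the first of `flags` present in tokens, else None."""
    for flag in flags:
        if flag in tokens and tokens.index(flag) + 1 < len(tokens):
            return tokens[tokens.index(flag) + 1]
    return None

def classify_dnat(line):
    """Return (external, internal, scope) for a DNAT rule, or None for any other line."""
    tokens = shlex.split(line)
    if _arg(tokens, "-j", "--jump") != "DNAT":
        return None
    external = _arg(tokens, "-d", "--destination") or "any"
    internal = _arg(tokens, "--to-destination")
    proto = _arg(tokens, "-p", "--protocol")
    ports = _arg(tokens, "--dport", "--dports", "--destination-port")
    if proto is None:
        scope = "one-to-one"            # every protocol and port is translated
    elif ports is None:
        scope = f"{proto}/all-ports"    # whole protocol, still far wider than one service
    else:
        scope = f"{proto}/{ports}"      # ordinary port forward
    return external, internal, scope

def audit(ruleset):
    """Classify every appended (-A) DNAT rule in an iptables-save dump."""
    rules = (classify_dnat(l) for l in ruleset.splitlines() if l.startswith("-A"))
    return [r for r in rules if r is not None]

def overbroad(ruleset):
    """DNAT rules that expose more than a single forwarded port or port list."""
    return [r for r in audit(ruleset) if r[2] == "one-to-one" or r[2].endswith("/all-ports")]

if __name__ == "__main__":
    for external, internal, scope in audit(SAMPLE_RULES):
        print(f"{external} -> {internal}: {scope}")
```

Negated matches (`!`) are not interpreted, and a flagged rule may still be narrowed by filter rules in the FORWARD chain, which this check does not read.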
