hi

Mark Walmsley wrote:
> Why not change the red connection to a bridge. Thanks to ebtables you can
> effectively bridge your red and your orange and protect the orange very well
> doing it.

this has been under discussion for months. in fact it would be really cool.
we need to refactor (partly rewrite) the firewall scripts (as planned) in
order to be able to implement this. this goal will not be reached in a
foreseeable time, but the development (slowly) goes in that direction.

> Also another question if I do get lazy and just use the current dmz scheme
> and add multiple ip addresses to the red and port forward to the orange does
> it maintain the proper source destination pairs or simply use the outgoing
> ip?

it does for connections going to the same destination port which has been
configured within portforwarding for the respective target ip.
for example, if you forward port 25 of ip x.x.x.x to (orange) y.y.y.y,
connections from y.y.y.y to a host port 25 will be SNAT'ed to the alias ip
address x.x.x.x.

peter

--
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.it :: [EMAIL PROTECTED]

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
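
The port-dependent SNAT behaviour described in the reply above, as an added example that is not part of the original message and not Endian Firewall's own rule set. The interface name, all addresses and the forward table are constructed, and the fall-back to the primary red address for non-matching ports is an assumption.

```shell
#!/bin/sh
# Constructed forward table: <red alias ip> <proto> <port> <orange host>
FORWARDS='192.0.2.10 tcp 25 10.0.1.5
192.0.2.11 tcp 80 10.0.1.6'
RED_IF=eth1            # assumed name of the red interface
RED_PRIMARY=192.0.2.1  # assumed primary red address

# Emit the inbound DNAT rule and the matching outbound SNAT rule per forward.
gen_rules() {
  while read -r alias proto port host; do
    [ -n "$alias" ] || continue
    # Inbound: alias ip:port on red is forwarded to the orange host.
    echo "iptables -t nat -A PREROUTING -i $RED_IF -d $alias -p $proto --dport $port -j DNAT --to-destination $host:$port"
    # Outbound: only traffic from that host to the SAME destination port
    # leaves with the alias ip as its source address.
    echo "iptables -t nat -A POSTROUTING -o $RED_IF -s $host -p $proto --dport $port -j SNAT --to-source $alias"
  done <<EOF
$FORWARDS
EOF
}

# Model the source address an outbound connection from an orange host gets.
# usage: egress_ip <orange host> <proto> <destination port>
egress_ip() {
  while read -r alias proto port host; do
    if [ "$host" = "$1" ] && [ "$proto" = "$2" ] && [ "$port" = "$3" ]; then
      echo "$alias"
      return 0
    fi
  done <<EOF
$FORWARDS
EOF
  # Assumption: no matching forward means the primary red address is used.
  echo "$RED_PRIMARY"
}

gen_rules
echo "10.0.1.5 -> tcp/25  leaves as $(egress_ip 10.0.1.5 tcp 25)"
echo "10.0.1.5 -> tcp/443 leaves as $(egress_ip 10.0.1.5 tcp 443)"
```

Anything that checks the sender's address, such as a reverse DNS or allow-list check on the remote side, will therefore see the alias only for the forwarded port.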
