Hi Geoff,
That was an option, however I wish to set up my Bastion Host properly, and
disable any ip forwarding (which would break forwarding of packets without
using a user mode program to redirect them). This would work, but to scale
up to thousands of connections I have my doubts whether it would cater.
Cheers,
Greg.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Breach, Geoff
Sent: Monday, 22 November 1999 13:01
To: Firewalls (E-mail)
Subject: RE: Web Server off Bastion Host ?
> Router, in which case I would use a third NIC off the Bastion
> Host. My
> problem is that I wanted to turn off packet forwarding in the
> kernel of the
> Bastion Host as it will be an application proxying firewall,
> but this will
> stop packet forwarding from the external interface of the
> Bastion Host to
> the Web Server segment.
>
> What can I do, short of adding a router that I can control ?
Have external clients speak to your bastion, and have your
bastion redirect the connections to the web servers.
HTH,
Geoff
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute,
print, or copy any part of this message if you are not the intended
recipient. CREDIT SUISSE GROUP, CREDIT SUISSE FIRST BOSTON, and each of
their subsidiaries each reserve the right to monitor all e-mail
communications through its networks. Any views expressed in this message
are those of the individual sender, except where the message states
otherwise and the sender is authorised to state them to be the views of any
such entity.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
