>
> > > I reread David's post. And discovered that he didn't say the
> > > box was pinged.
not sure any more, but he said "both of which I can ping".
>Fantastic ! For more than one instances I wished I could.
>
>Ipfilter has yet to go for this "destructive" feature, you know.
if you mean the feature of having the FW respond for the ICMP request,
then that's done by simple NAT configuration.
if you redirect ICMP packets intended for 10.1.2.3 to one of the addresses
of the firewal, then they will be delivered to the FW transport layer which
will respond. This is not restricted to ICMP and can be done for HTTP as well,
however, the latter conf requires a listening HTTP process. note that this
is what
transparent proxies use.
regards,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
