> I've got a Solaris box acting as a gateway here (finally got it up).
>
> When firewalling the box off, can I treat each interface as its own, or
> will I need to do something special for the setup due to me also natting
> with this.
>
> I've got
> le0 => internet
> le1 => lan
> le2 => Wireless AP (currently left down)
>
> Ideally, le2 is trusted, it's all open, le2 is locked down to vpn
> tunnel port (you login to a vpn run from the gateway which will then
> tunnel all your connections to the net) and le1 faces the internet. Can
> I just write rules for each interface and be done with it? Or do I need
> to specially craft rules coming from my internal lan to the internet
> (and back), or will NAT intelligently handle this? Or is this
> accomplished from the keep state?
If you want to force connections to only use (le0,le2) and prevent
(le2,le1), then you can do something like this with keep state:

    pass in on le2 out-via le0 proto tcp all flags S keep state

Darren
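To put the out-via idea into a complete per-interface ruleset for the poster's three-interface layout, here is an added example ipf.conf plus ipnat.conf, constructed for this thread and not Darren's or the poster's actual configuration. It assumes le0 is the internet side and le1 the LAN (as in the poster's list), 192.168.1.0/24 on le1 and 192.168.2.0/24 on le2 with the gateway at .1 on each, and VPN_PORT as a placeholder for the tunnel port; the VPN's own tunnel interface is not covered.

```ipf
# /etc/ipf.conf  (constructed example for the thread's layout; not Darren's config)
# Assumed: le0 = internet, le1 = LAN 192.168.1.0/24 (gateway 192.168.1.1),
#          le2 = wireless 192.168.2.0/24 (gateway 192.168.2.1).
# VPN_PORT is a placeholder for the port the gateway's VPN service listens on.

# Default deny on every interface; anything not explicitly passed is logged.
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all

# Anti-spoofing on the internet side: private or loopback sources never
# legitimately arrive on le0.
block in quick on le0 from 192.168.0.0/16 to any
block in quick on le0 from 127.0.0.0/8 to any

# le1 (LAN, trusted): sessions to the internet only. "out-via le0" binds the
# state entry to the internet interface, so LAN traffic can be forwarded to
# le0 but never onto le2. ipf filters outbound packets before ipnat rewrites
# the source, so these rules and their state entries see the private addresses.
pass in on le1 out-via le0 proto tcp from 192.168.1.0/24 to any flags S keep state
pass in on le1 out-via le0 proto udp from 192.168.1.0/24 to any keep state
pass in on le1 out-via le0 proto icmp from 192.168.1.0/24 to any keep state
# LAN hosts may also reach services on the gateway itself.
pass in on le1 proto tcp from 192.168.1.0/24 to 192.168.1.1 flags S keep state

# le2 (wireless, untrusted): log and drop any attempt to reach the LAN
# directly, then allow only the VPN port on the gateway. Everything else
# falls to the logged default deny.
block in log quick on le2 from any to 192.168.1.0/24
pass in on le2 proto tcp from 192.168.2.0/24 to 192.168.2.1 port = VPN_PORT flags S keep state

# le0: nothing unsolicited inbound. Replies to LAN sessions are matched by
# the state table (after ipnat has undone the translation), so no pass-in
# rule is needed. The gateway's own outbound traffic needs its own state.
pass out on le0 proto tcp from any to any flags S keep state
pass out on le0 proto udp from any to any keep state
pass out on le0 proto icmp from any to any keep state

# /etc/ipnat.conf -- translate the LAN behind le0's address; the wireless net
# is not mapped since it may only talk to the gateway's VPN service.
map le0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map le0 192.168.1.0/24 -> 0/32
```

Load with `ipf -Fa -f /etc/ipf.conf` and `ipnat -CF -f /etc/ipnat.conf`, then watch `ipmon` for the logged blocks on le2 to confirm wireless clients cannot reach the LAN.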
