> The 'unofficial' bit is cya speak. Can one view all the things listed on the "addon" thingy as reliable then?
> > * No egress filtering on the DMZ. If the server gets hacked, you're > > spamming at maximum bandwidth[1]. Is this a total joke or what? > Obviously, I *monitor* my traffic patterns, so it tells me if there is > a problem. Obviously yes. And obviously, that's not good enough by itself. > > * On a test box with 2 network cards for internal and DMZ, with an > > external interface declared to be a modem but that's not set up, ipcop > > fails to set up any forwarding rules between LAN/server. Does this > > mean if the internet link goes down, internal users can't reach the > > server any more? Is this another joke? > Set up your own access pinholes to get from dmz to internal, none are > necessary the other way... from the green network, all servers on the > orange network are visible. Yes that's all fine, but not the point. The point is, all servers on the internet are reachable *by the orange*, and that's a bad joke. > Well, it works fine for me. I also suggest the unofficial openvpn > addon. Alternatively, try m0n0wall - it's much lighter weight, though. What does "lighter weight" mean? Runs on less hardware, offers fewer features? > However, as your requirements do seem to be bordering on commerical, a > more dedicated solution may suit you better. I thought the requirements were pretty standard for any SOHO setup? Any other possibilities anyone could suggest? Thanks, Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me.
