Vincent FLEURANCEAU wrote:
Why ? Easyer to administer ?
Easier to administer, setup, debug, ...
And since bridging code is probably 1000x less used than
the regular IP stack, there is more bugs, loose ends and
such on the kernel/pf bridging code, compared to the
standard path.
Cedric
----- Original Message -----
From: "Cedric Berger" <[EMAIL PROTECTED]>
To: "Vincent FLEURANCEAU" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 31, 2002 12:17 PM
Subject: Re: DMZ design question
If you've the choice and don't *need* to create a bridge,
it is always better to avoid it. Go for [1]
Cedric
Vincent FLEURANCEAU wrote:
Hi you all,
I hope I'm not off topic ;-)
I need to set up a DMZ so I would like to know what is best between:
[1] a 3-legged firewall
or
[2] a filtering bridge (invisible firewall) + a NAT firewall for the
private
network
Thanks.
-- Vincent FLEURANCEAU
