--As of Friday, December 19, 2003 12:43 PM +0100, Henning Brauer is alleged to have said:

Suggestions: re-address 192.168.100.130 to, say, 192.168.101.130
or  change $IntNet to exclude it.  (While keeping the rest of your
network, of course.)

why so complicated? you can just block them on the internal interface. or use tags. or or or..

--As for the rest, it is mine.


Blocking them on the internal interface won't work: they've already been nat'ed. Tags I've never used, and didn't think of, but they are the best option.

Of course what this looks like is a DMZ, so a better solution would probably be a three-legged firewall. But that may be far more work than Jim wants.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
