Chris Buechler wrote:
>ICMP redirects are a bad idea from a security perspective, so I'd stay
>away from that. Ideally you should disable ICMP redirects on your
>machines because it would let somebody on your LAN do all kinds of
>nasty stuff with re-routing traffic.
>I question your statement about requiring static routes on 100 client
>machines, unless I'm missing something. You should be able to put in
>static routes on m0n0wall pointing to that VPN gateway for the VPN
Unless I'm mistaken, m0n0wall's static route table sends ICMP redirects
to the machine sending traffic to m0n0wall when another route applies
(at least if the other route's destination is on the LAN rather then the
Usenet is like a herd of performing elephants with diarrhea --
massive, difficult to redirect, awe-inspiring, entertaining, and a
source of mind-boggling amounts of shit when you least expect it.