Am 16.01.2005 um 05:10 schrieb Chris Buechler:
> ICMP redirects are a bad idea from a security perspective, so I'd stay
> away from that. Ideally you should disable ICMP redirects on your
> machines because it would let somebody on your LAN do all kinds of
> nasty stuff with re-routing traffic.
yes, I know, ICMP are BAD. But there are some rare cases where they are
useful and neccessary, as in my LAN.
> I question your statement about requiring static routes on 100 client
> machines, unless I'm missing something. You should be able to put in
> static routes on m0n0wall pointing to that VPN gateway for the VPN
Please note my update to my own posting. Of course it is possible to
put in static routes in Monowall, but it simply didn't work. It was
interceptet by an ipf rule which became active when traffic shaper has
been enabled, nevertheless if it is activ any longer. (ipfw rule 19902
when I remember it correctly).
After a reboot and leaving traffic shaper alone for now everything ist
But anyway, thanks for the fast response.
Greetings from Cologne, Germany
consultant systeme / professional services
telefon +49 221 2942 200 | telefax +49 221 2942 101