Chris,

On 16.01.2005 at 05:10, Chris Buechler wrote:

> ICMP redirects are a bad idea from a security perspective, so I'd stay
> away from that. Ideally you should disable ICMP redirects on your
> machines because it would let somebody on your LAN do all kinds of
> nasty stuff with re-routing traffic.
>

yes, I know, ICMP are BAD. But there are some rare cases where they are useful and necessary, as in my LAN.

> I question your statement about requiring static routes on 100 client
> machines, unless I'm missing something. You should be able to put in
> static routes on m0n0wall pointing to that VPN gateway for the VPN
> subnets.

Please note my update to my own posting. Of course it is possible to put in static routes in Monowall, but it simply didn't work. It was intercepted by an ipf rule which became active when traffic shaper has been enabled, nevertheless if it is active any longer. (ipfw rule 19902 when I remember it correctly). After a reboot and leaving traffic shaper alone for now everything is ok.

But anyway, thanks for the fast response.

Greetings from Cologne, Germany

Harald

--
consultant systeme / professional services
denkwerk | vogelsanger straße 66 | d-50823 köln
telefon +49 221 2942 200 | telefax +49 221 2942 101
www.denkwerk.com