[ previous ] [ next ] [ threads ]
 
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Multiple WAN ip addresses
 Date:  Thu, 26 Jun 2003 21:21:39 -0700 (PDT)
On Wed, 25 Jun 2003, Bart Smit wrote:
> On Tue, 24 Jun 2003, Fred Wright wrote:
> 
> > I like to regard Proxy ARP as a last resort, since it lies about the
> > topology
> 
> Part of a firewall's task is to conceal what's behind it. So in this
> particular case the topology should be nobody's business anyway ;-)

Well, actually, the purpose is to *protect* what's behind it, which
doesn't necessarily mean conceal it.  Steve Gibson seems to think the two
are inseparable, but I don't necessarily agree.  In any case, the point of
the DMZ is to have some servers which you *intend* to have accessible to
the outside, so "concealing" them is rather pointless.

					Fred Wright