> Put a firewall at an address (wan side) that is a public address. The
> other (lan side) address will also have to be an address that is within
> the public address space of the wan side.
> A - Is this going to work?
> B - Am I buying more trouble by doing it?
A - yes. it'll have to be a full bridging firewall. very common in large
places that have full class B's and C's facing the world - eg universities
B - yes - from users. their used to the open world. technology wise . no.
you SHOULD have control. firstly to stop the wrong stuff getting out to the
world. secondly , to stop the nasty stuff getting in. after this initial step,
the next step would be to install an IDS box (eg a SNORT box) to help detect
what else maligns the network. then possibly a transparent web proxy to help
clear the place of nasty spyware (can put extra filters on that and your SNORT
rather than hitting the firewall with load of other things)