 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Possible to do one way IPsec?
 Date:  Wed, 12 Apr 2006 12:40:20 -0400
On 4/12/06, Joe Lagreca <lagreca at gmail dot com> wrote:
> I agree it's not ideal nor very secure, but I don't want to run 2
> m0n0's on my side.  My office is already cluttered with stuff.

You can do it pretty cleanly (from a network design perspective) by
putting in a second as a filtering bridge, with the WAN of the bridge
plugged into the LAN of the primary and the OPT of the bridge plugged
into your actual LAN.  Yeah, running two firewalls is a bit of a pain,
but I'd rather run that than leave it wide open.