From: "Aaron Cherman" <aaronc at morad dot ab dot ca>
> > You have tried a lot of hardware, and I remember that. But has anyone
> > every
> > tried the 2 layer m0n0 config? LAN--> M0n0-a --> m0n0-b --> Internet
> > With
> > all the other stuff you have tried, this seems quite trivial.
> I never did try it. I had posted for thoughts on how to go about the
> some time back and got no response. Thoughts?
I would set up a double NAT arrangement with a lot of port forwarding.
Start with nothing but NAT and port forwarding on the outer firewall. Allow
ALL in and out. Slowly move all of the advanced functions and restrictions
to the outer firewall until the inner one has no real functions left. If
the crash follows traffic shaping, for example, we know what it is. If it
never moves, it is possibly a poisoned packet.