From: Adrian Buxton (Adrian.Buxton team.ozemail.com.au)
Date: Mon Jun 24 2002 - 21:38:03 CDT

Hi all,

In a follow-up to my earlier post [ Subject: PF gateway problems.. return
traffic blocked (but not if in NAT mode!) ] I would like to hear about
others' experiences with PF running on a firewall gateway with multiple
interfaces in a non-NAT configuration, specifically when trying to keep
state across 3 or more interfaces.

My understanding is that if you are non-NAT filtering on 2 interfaces, you can
simply pass in and out everything on your most trusted interface, and use in
and out stateful filters on your external interface.

It would seem that if using 3 or more interfaces this becomes a bit of a
problem though, as you are no longer able to simply pass all on any of the
interfaces if you want to maintain packet flow control across all networks.

The only solution I am aware of is to use 2 keep state rules for rule of
traffic. What effect does this have on the state table? Is there another
solution I am unaware of?

Thanks...
Adrian.