
Re: DMZ design question



Vincent FLEURANCEAU wrote:

Why? Easier to administer?

Easier to administer, setup, debug, ...
And since bridging code is probably 1000x less used than
the regular IP stack, there are more bugs, loose ends and
such in the kernel/pf bridging code, compared to the
standard path.
Cedric



----- Original Message -----
From: "Cedric Berger" <[email protected]>
To: "Vincent FLEURANCEAU" <[email protected]>
Cc: <[email protected]>
Sent: Thursday, October 31, 2002 12:17 PM
Subject: Re: DMZ design question




If you've the choice and don't *need* to create a bridge,
it is always better to avoid it. Go for [1]
Cedric


Vincent FLEURANCEAU wrote:




Hi you all,

I hope I'm not off topic ;-)

I need to set up a DMZ so I would like to know what is best between:

[1] a 3-legged firewall

or

[2] a filtering bridge (invisible firewall) + a NAT firewall for the
private network



Thanks.


-- Vincent FLEURANCEAU