[CentOS] [OT] Corporate Firewall -- NAT/PAT != bridging/routing with inspection
Ryan
ryanag at zoominternet.net
Fri Nov 11 01:00:17 UTC 2005
Bryan J. Smith wrote:
> Adam Gibson <agibson at ptm.com> wrote:
>
>>M0n0wall is a FreeBSD-based system but it does support a
>>public IP DMZ/Service interface. You have to enable
>>advanced NATing.
>
>
> Layer-3/4 Source and Destination NAT/PAT (network/port
> address translation) is _not_ the same as layer-2 bridging or
> layer-3 routing between networks and inspecting the packets
> then. I think he's looking for layer-2 bridging or layer-3
> routing, not SNAT/DNAT.
M0n0wall can be configured as a bridging firewall.
It only appears to be another IP on the LAN when in this mode and does
not do NAT.
>IPCop does SNAT/DNAT, and can translate multiple public IPs
>into private ones -- LAN, 2nd LAN (e.g., WLAN), DMZ, etc...
>as well.
Yes, but you need to seriously hack it... IPCop doesn't support
multiple subnets on the same interface (LAN or WAN) very well at all.
Pre-built m0n0wall boxes are pretty cheap these days:
http://www.netgate.com/product_info.php?products_id=209