Rule question
Patrick Schaaf
bof@bof.de
Sat, 22 Jun 2002 10:08:24 +0200
Hi Anthony,
> Why would you have a process specifically binding to the ext.IP, independent
> of the route it's communicating to the client system?
See my second mail (reply to myself) for one situation where I want that.
In general, I _like_ my internal machines to easily be able to look at
a source IP, and see whether it originated internally, or externally.
IOW, I like the incoming TCP connections through my application level
proxy to use the firewall's external IP address as the source, for the
sake of packet filters on my internal nodes.
> Maybe there's a good reason for this somewhere, but it's not the way I've
> ever run things...
I do. It's very nice to have iptables so capable that it supports all our
different ways of doing things.
all the best
Patrick
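
The arrangement described in this message, as an added example that is not part of the original mail: a proxy pins the source address of its outgoing leg with bind() before connect(), and the receiving node classifies the connection by source IP the way a packet filter would. The loopback addresses, network and function names are constructed stand-ins, and it assumes Linux, where any 127.0.0.0/8 address can be bound locally.

```python
import ipaddress
import socket

# Constructed stand-ins: loopback addresses play the firewall's two faces.
FW_INTERNAL_IP = "127.0.0.1"   # assumption: firewall's internal-side address
FW_EXTERNAL_IP = "127.0.0.2"   # assumption: firewall's external address
INTERNAL_NET = ipaddress.ip_network("127.0.0.1/32")  # what the node treats as "inside"


def classify(peer_ip):
    """Internal node's view: the decision a source-address packet filter makes."""
    inside = ipaddress.ip_address(peer_ip) in INTERNAL_NET
    return "internal" if inside else "external"


def proxy_connect(server_addr, source_ip=None):
    """Proxy's outgoing leg. bind() before connect() pins the source address;
    without it the kernel picks one based on the route to the destination."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if source_ip is not None:
        s.bind((source_ip, 0))  # port 0: let the kernel choose an ephemeral port
    s.connect(server_addr)
    return s


def observed_origin(source_ip=None):
    """Make one proxied connection and return how the internal node classifies it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(5)
    srv.bind((FW_INTERNAL_IP, 0))
    srv.listen(1)
    client = proxy_connect(srv.getsockname(), source_ip)
    try:
        conn, peer = srv.accept()  # handshake already completed via the backlog
        conn.close()
        return classify(peer[0])
    finally:
        client.close()
        srv.close()


if __name__ == "__main__":
    print("route-selected source:", observed_origin())
    print("bound to external IP: ", observed_origin(FW_EXTERNAL_IP))
```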