Hmmm. You are correct that the logs would become useless if there was a
double NAT.
Steven Kurylo wrote:
>> trying to block improper internet usage, on-line social networking on work
>> hours, etc.
>>
> Technical solutions rarely fix social problems.
>
Agreed, but as the IT guy, I have to be able to show that I have
implemented all advised solutions, and corporate procedures, else I'm
not doing my job. We've become a branch office to a bigger company, and
enjoy quite a bit of autonomy and want to keep it that way. While we
were an independent company the "I'll hit you with my stick" policy
worked well enough.
It's sounding like I'll need to move the DHCP over to the smoothwall,
and install it inside the router. I think the router would continue to
do all the port forwarding for mail servers etc. as both the red and
green sides of the smoothwall would have 192.168.xxx.xxx IPs.
> You should be able to forward the ports, though some types of VPNs
> handle that better than others. As well you'd end up with double NAT
> which may also cause some applications to break. You also won't be
> able to tell who made the request you blocked, unless you can
> correlate the smoothwall logs with the usage logs on your original
> router.
>
> Without a bridge mode, being in front or behind will work, it's just
> which set of changes you'd find easier to implement.
>
>
More comments, suggestions, discussion, would be a big help. Thanks for
your input so far.
Cal G
Received on Wed May 28 16:31:07 2008