joe,
gert's concept is point on, so i'd kinda throttle back a bit.
as for hairpinning or rcv/xmt traffic in/out the same interface
is pretty lame, especially in light of the relatively low cost
of network cards today.
that said...
i'm trying to think of ANY commercially or open licensed firewalls
that do not know how to 'route' packets.
none come to mind.
firewalls descend from early gateways whose sole function in
life was to route due to a enterprise policy or application
required decision.
todays asics and other hardware based firewalls and proxies
notwithstanding, a firewall is SOFTWARE just as a ROUTER is
a machine, running specific SOFTWARE with which to communicate
with a kernel usually.
~!piranha
-----Original Message-----
From: cisc...@puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Joe Maimon
Sent: Wednesday, January 26, 2005 2:53 AM
To: Chris Cappuccio
Cc: Brian Feeny; 'cisco-nsp'
Subject: Re: [c-nsp] PIX OS 7.0 and PIX520, supported?
Chris Cappuccio wrote:
You mean forwarding a packet back out the same interface it was received on?
Nope, ok, you have to buy a ROUTER for that. It ROUTES packets, see.
(Never mind the dynamic or static route options that the PIX provides,
it's just a firewall, for christ's sake!) So, go ahead and buy a Cisco(R)
ROUTER to put in front of your PIX.
A rant after my own heart
http://www.mail-archive.com/nanog at merit.edu/msg26545.html
10 messages in net.nether.puck.cisco-nsp[c-nsp] PIX OS 7.0 and PIX520, suppor...
