Hi, Sorry for very long delay but I was trying to test this myself before posting summary. Due to lack of time I gave up (maybe later). Original question was: SunScreen 3.1 Lite documentation mentions differences between "full" and "Lite" version. Among others Lite version works only with 2 interfaces. Does it mean: a. are iprb0, iprb1 interfaces? (so I can use iprb0:0 and iprb0:1 for internal addresses and iprb1 for external) or: b. are iprb0:0, iprb1:0 interfaces? Which one (a.) or (b.) is true? And the answers from you fellows did not put more light into this. Therefore I decided I have to test this myself. Ismaeel Abdur-Rasheed: In answer to your specific question, 'interface' is defined as an IP address (as firewalll rules are IP based), and overloading IP addresses on a single NIC would constitute additional 'interfaces'. Aaron Kramer: Sunscreen doesn't have any understanding of virtual interfaces so the sunscreen-lite limitation is on 2 physical interfaces. You can have as many virtual interfaces on those 2 physical interfaces as you want, so (a.) Also, The Lite version only allows you to have 2 interfaces enabled *in the SunScreen configuration*. Since virtual interfaces are not enabled in the SunScreen config, you could protect both physical interfaces in this example. All rules applied to a physical interface are also applied to the virtual one, so define your rules and "valid addresses" for each interface accordingly. SunScreen does understand virtual interfaces (and will also use the IP addresses associated with virtual interfaces when calculating the value of "localhost"), it's just you do not need to plumb SunScreen onto the virtual interfaces. Only the physical interface needs to have SunScreen configured on it, then the associated virtual interfaces will additionally be protected. Thanks to those who responded. Peter _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Nov 23 04:52:18 2001
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:28 EST