from the quill of "Mark Horn [ Net Ops ]" <mhorn @
com> on scroll
> I don't think that's a very workable solution. How do you enforce that
> routed will listen on the internal interface only? What if your firewall
> employs a Bastion host with only one interface?
In my example I assumed a dual-homed bastion with the model of a trusted
(more or less) and an untrusted (i.e. the Internet) side. You can have the
bastion only accept routing updates from the trusted side by blocking
routing from the untrusted side with a filter (either on or in front of the
bastion - on the untrusted side).
Brian J. Murrell Brian_Murrell @
BCTel Advanced Communications brian @
Vancouver, B.C. brian @
604 454 5279
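The filtering decision described in the reply, as an added example that is not part of the original message: routing updates are accepted or dropped by arrival interface, so a datagram from the untrusted side is rejected even when it claims an internal source address. The interface names (le0, le1), the addresses and all helper names are assumptions, and RIP version 1 on UDP port 520 is assumed as the protocol routed speaks.

```python
import ipaddress
import struct
from typing import NamedTuple

RIP_PORT = 520          # UDP port used by RIP, the protocol routed speaks
TRUSTED_IFACE = "le0"   # assumption: le0 faces the trusted net, le1 the Internet
TRUSTED_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: internal range

class Datagram(NamedTuple):
    iface: str      # interface the datagram arrived on (set by the host)
    src: str        # claimed source address (set by the sender)
    dport: int      # UDP destination port
    payload: bytes

def accept_routing_update(d: Datagram) -> bool:
    """Filter on arrival interface first; source address is a second check."""
    if d.dport != RIP_PORT:
        return False                    # not a routing update
    if d.iface != TRUSTED_IFACE:
        return False                    # untrusted side: always drop
    return ipaddress.ip_address(d.src) in TRUSTED_NET

def rip_routes(payload: bytes) -> list:
    """Parse a RIPv1 response into (destination, metric) pairs."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        return []                       # truncated or malformed
    command, version = struct.unpack_from("!BB", payload, 0)
    if command != 2 or version != 1:
        return []                       # only RIPv1 responses carry updates here
    routes = []
    for off in range(4, len(payload), 20):
        family, _, addr, _, _, metric = struct.unpack_from("!HH4s4s4sI", payload, off)
        if family == 2 and 1 <= metric <= 16:
            routes.append((str(ipaddress.ip_address(addr)), metric))
    return routes

def make_response(dest: str, metric: int) -> bytes:
    """Build a one-entry RIPv1 response (used only for the constructed samples)."""
    entry = struct.pack("!HH4s4s4sI", 2, 0, ipaddress.ip_address(dest).packed,
                        b"\0" * 4, b"\0" * 4, metric)
    return struct.pack("!BBH", 2, 1, 0) + entry

UPDATE = make_response("198.51.100.0", 1)           # constructed sample update
SAMPLES = [
    Datagram("le0", "192.0.2.1", 520, UPDATE),      # internal router
    Datagram("le1", "203.0.113.9", 520, UPDATE),    # arrives on untrusted side
    Datagram("le1", "192.0.2.1", 520, UPDATE),      # untrusted side, internal src
]

def installed_routes(samples) -> list:
    """Routes that would reach the routing table after filtering."""
    return [r for d in samples if accept_routing_update(d) for r in rip_routes(d.payload)]
```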