From mboxrd@z Thu Jan 1 00:00:00 1970
From: Joel Newkirk
Subject: Re: different DMZs which is better?
Date: Mon, 13 Jan 2003 19:10:07 -0500
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <200301131910.07956.netfilter@newkirk.us>
References: <001e01c2bb10$05d79300$9865fea9@win2k.com> <1042473933.491.76.camel@xbox>
In-Reply-To: <1042473933.491.76.camel@xbox>
Reply-To: netfilter@newkirk.us
To: Filip Sneppe, Mike
Cc: netfilter@lists.netfilter.org

On Monday 13 January 2003 11:05 am, Filip Sneppe wrote:
> One possible disadvantage of NAT is that it may render
> your network topology a bit less clear/intuitive for some
> people...

And some people would consider this a job security advantage... :^)

With good documentation and liberal comments in the firewall script this
shouldn't be an issue, though, at least for the people who need to
understand it anyway. Just write up some notes on the setup, print them
out along with the firewall script, and keep them in a 3-ring binder. The
apparent organization of everything usually looks good, and almost
always makes return engagements much easier. (6 months from now
something that made perfect sense today may look completely cryptic.)

j