Hello everyone,

I administer a LAN that will soon be moved from private to public IP space. The LAN is inside a university network and as such in a rather hostile environment.

At the moment there is a firewall with a public IP doing all the filtering and a NAT/router box behind this. Now I'm thinking about setting up a transparent bridge firewall using the bridge-nf patch from http://bridge.sf.net to replace the firewall once the transition to public IP space is done.

I don't have any real-life experience with such a setup and I'd like some input on pros and cons of a filtering bridge as opposed to a setup with a firewall+router. The one obvious advantage is that the bridge doesn't have an IP address and remains invisible at the cost of giving away the real IP addresses of the servers inside the LAN.

So, is it safer to keep doing NAT and keep hiding the real IP addresses of the servers or to hide the firewall itself?

Thanks for any input,
Ben