On Fri, Jun 20, 2008 at 12:31:06PM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 12:23 PM, Henrik K wrote: >> Jo, you are unbelievable in a funny way. >> >> You always come up with dozens of posts seemingly with the attitude "I >> must >> be right". You don't configure things like they should be, and then >> complain >> that things don't work. Just set up the friggin networks right and >> let's >> continue normal life. If you need help, post your detailed setup so we >> don't >> need to guess. >> >> :-) etc > > I'm really not sure what you are saying here, and it's very hard not to > read this offensively. I certainly have never said "I must be right" in > any form whatsoever, and I certainly don't think it.
Don't take it personally. I just have the impression that threads started by you tend to get very long.. it might just be because we don't come through clear enough for you. Do notice the smiley. > I also don't have the vaguest clue what you mean by suggesting that I > "don't configure things like they should be" -- most of my > configurations are very plain and generic. And exactly as they should > be, per the documentation. > > The only things I can think you might have a problem with: > > 1. Not trusting that 10.x packets can't reach my host > * I always do belt-suspenders, and assume that an outside layer of > protection might fail > > 2. Not routing internal networks that don't need internet access > directly to an outside host > * Um... why should I? Minimal requirement, minimal risk... > > How exactly are these things not "the way they should be"? What comes to your first post info, it would seem to me that you need: internal_networks hostA hostB hostC You _need_ to have everything internal, so there will be no SPF lookups. Your fear of IP spoofers makes no sense to me, how do you think someone could accomplish that? Just put the 10.something there.
