SunScreen EFS 3.0 supports both routing and stealth interfaces on a single Screen. You can model a Screen with a mixture of routing and stealth interfaces as though it were two completely separate Screens, one containing the stealth interfaces and the other containing routing interfaces. If you configure your Screen in this way, you must have at least two interfaces of each type.
The following sections show two supported configurations.
The separate network configuration consists of a Screen that has two stealth interfaces and two routing interfaces. Although both types of interfaces are on the same machine, packets cannot pass between the stealth and routing interfaces.
This configuration is subject to the following restrictions:
Packets do not flow between the routing and stealth interfaces.
NAT can be performed only in the networks connected to the stealth interfaces.
Computers on the stealth network cannot use proxies.
The proxied stealth configuration consists of a Screen that has two stealth interfaces, two routing interfaces, and a router that passes packets from a stealth interface to a routing interface. Use this type of configuration if you want to use proxy services with a stealth machine.
This configuration is subject to the following restrictions:
NAT can be performed only in the networks connected to the stealth interfaces.
FTP and Telnet between the stealth and routing networks work only if you use proxies for this type of communication.