Group:

I don't like the idea of allowing all traffic destined for the external IP on the external interface on a machine that doubles as a firewall and a server. But I have a webmail interface that doesn't work unless I do just that.

What I want to know is, is it valid to use the MARK target on these packets on their way 'out' so that they can be recognized as not having been spoofed? I haven't seen any documentation on using it like this, and I wonder if this is a viable solution, or if anyone has a better idea.

Thanks,
Rocco