how IPTables MIRROR works?

Hi everyone,

I understand from the manual that Mirror switches the src and des IPs and
sends off the packet without traversing any outgoing packet filter chains.

I was just curious if the packet needs to hit the mirroring machine twice?
Let me explain.

So say a "bad client" tries to access the ssh server on the mirroring machine:

192.168.1.20 => 192.168.1.1:22
(bad client) => (mirroring machine)

So Mirror swaps the IPs and sends it back out:

192.168.1.1         => 192.168.1.20:22
(mirroring machine) => (bad client)

So the "bad client's" computer doesn't run ssh-server and responds to the
packet as connection refused.

My understanding is that the connection refused packet comes back to the
mirror machine and the mirror machine swaps the src and des again for the
"bad client" to get the connection refused.

Is my understanding incorrect?

Any feedback is much appreciated
Bailey

-- 
bailey@tgpsolutions.com

Administrator, tgpsolutions
http://www.tgpsolutions.com



