On 9/5/05, Jack quiet_celt@yahoo.com wrote:
read the RFCs, but IIRC once a connection is "established" it will bypass the router if that makes a shorter route. This is what you *want* to happen anyway, if your router is separate from the firewall. If the firewall is compromised though, all bets are off. Of course, it's easy to test my hypothesis by running ethereal on the router, firewall and client pc.
Brian JD
What gets bypassed with established TCP connections is the firewall rules, as an optimization for reducing CPU load on firewall machines. That's TCP connections, not routes. Routes must involve routers unless there is a direct connection (or faking of a direct connection through VPN bridging or something like that).
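
A toy model of the behaviour described in the last reply, added here as an example and not taken from the thread: the rule list is evaluated once, when a connection is opened, and later packets of that flow are accepted from a state table without touching the rules. The class, rule list, addresses and ports are constructed for illustration and do not model any particular firewall product.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the packet that opens a connection

# Constructed rule list: (destination port, verdict); first match wins.
RULES = [(22, "drop"), (80, "accept"), (443, "accept")]

@dataclass
class StatefulFilter:
    rules: list
    states: set = field(default_factory=set)
    rule_checks: int = 0  # number of rule comparisons performed so far

    def _key(self, p):
        # Direction-independent key, so replies match the same state entry.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def handle(self, p):
        key = self._key(p)
        if key in self.states:      # established flow: rules are skipped
            return "accept"
        if not p.syn:               # no state and not a connection attempt
            return "drop"
        for port, verdict in self.rules:
            self.rule_checks += 1
            if port == p.dport:
                if verdict == "accept":
                    self.states.add(key)
                return verdict
        return "drop"               # default policy when no rule matches

def demo():
    fw = StatefulFilter(RULES)
    syn = Packet("10.0.0.5", 40000, "192.0.2.10", 443, syn=True)
    reply = Packet("192.0.2.10", 443, "10.0.0.5", 40000)
    data = Packet("10.0.0.5", 40000, "192.0.2.10", 443)
    verdicts = [fw.handle(syn)] + [fw.handle(p) for p in (reply, data) * 50]
    # A mid-stream packet from a host with no state entry is not let through.
    stray = fw.handle(Packet("10.0.0.9", 41000, "192.0.2.10", 443))
    return verdicts, fw.rule_checks, stray
```

Every packet is still handed to the filter in this model; only the rule walk is skipped, which is why the comparison counter stops growing after the first packet.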