On 30 April 2015 at 17:22, Jonathan McDowell <noodles@earth.li> wrote:
Probably on the grounds that it's more secure and a lot of the distros are trying to be decent firewalls out of the box. If you're mixing and matching outbounds on the same interface then one mistake in your routing table and things can be going the wrong way. Or there's the potential for cleverly crafted packets to go places they shouldn't.
If that's all it is that's fine (in which case I understand, which was my main objective!). I would say however that even then separate interfaces for red and green makes sense, but you still shouldn't need multiple red interfaces just to talk to multiple routers on the red side; in many (the majority of?) cases all the red (WAN) interfaces are equivalent from a security POV.

Once I've picked a router distro I'll probably ask the same question on their mailing list and see what they say.

--
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER