[Shorewall-newbies] NAT issue

Tom Eastep teastep at shorewall.net
Fri Jan 23 14:32:54 PST 2004


On Friday 23 January 2004 02:24 pm, Sakthivel Subramanian wrote:
> Tom,
>
> I added a rule to allow LDAP from loc->fw and routeback to loc interface
> that took care of my issue.
>
> In FAQ 2A, you are suggesting
> "Another good way to approach this problem is to switch from one-to-one NAT
> to Proxy ARP."
>
> If I switch to proxy ARP instead of one-to-one NAT, will I still be able to
> control traffic to the server by adding specific rules in the
> Shorewall/rules file.

Yes, but ProxyARP works best when the server(s) is/are on its/their own LAN 
segment. See the Shorewall Setup Guide 
(http://www.shorewall.net/shorewall_setup_guide.htm) or My own configuration 
(http://www.shorewall.net/myfiles.htm).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-newbies mailing list