[Shorewall-users] proxyarp and nat

Simon Matter simon.matter@ch.sauter-bc.com
Thu, 04 Jul 2002 08:10:15 +0200


Tom Eastep wrote:
> 
> On Wed, 3 Jul 2002, Simon Matter wrote:
> 
> > For a new firewall I want to use a combination of proxyarp and NAT.
> > Proxyarp because it has many advantages over nat for several protocols
> > and NAT because we have limited public IPs and it's easier to save some
> > with NAT.
> >
> > Is there any good reason not to use a combination of both? Do I miss
> > something here?
> >
> 
> I hope not since that's what I do :-) See
> http://www.shorewall.net/myfiles.htm.

I have seen your myfiles.htm before which is my best quickstart and
howto in one document :)

But you don't do what I'm planning to do, so this is what I want:

Imagine your own configuration but you move 'ursa' into the DMZ, you
give 'ursa' the IP 192.168.2.2, and you're doing S/D-NAT 206.124.146.178
<-> 192.168.2.2. Another way could be to just forward ports, say
206.124.146.178:80 -> 192.168.2.2. Is it still okay?

If not, should I create two separate DMZs, one for proxyarp, the other
for NAT/port forwarding?

Simon

> 
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
> 