[Shorewall-users] proxyarp and nat
Thu, 04 Jul 2002 08:10:15 +0200
Tom Eastep schrieb:
> On Wed, 3 Jul 2002, Simon Matter wrote:
> > For a new firewall I want to use a combination of proxyarp and NAT.
> > Proxyarp because it has many advantages over nat for several protocols
> > and NAT because we have limited public IPs and it's easier to save some
> > with NAT.
> > Is there any good reason not to use a combination of both? Do I miss
> > something here?
> I hope not since that's what I do :-) See
I have seen your myfiles.htm before which is my best quickstart and
howto in one document :)
But, you don't do what I'm planning to do, so this is wat I want:
Imagine your own configuration but you move 'ursa' into the DMZ, you
give 'ursa' the IP 192.168.2.2, and you're doing S/D-NAT 220.127.116.11
<-> 192.168.2.2. Another way could be to just forward ports, say
18.104.22.168:80 -> 192.168.2.2. Is it still okay?
If not, should I create two separate DMZ's, one for proxyarp, the other
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ firstname.lastname@example.org
> Shorewall-users mailing list