[Shorewall-users] proxyarp and nat
Thu, 4 Jul 2002 06:15:45 -0700 (PDT)
On Thu, 4 Jul 2002, Simon Matter wrote:
> But, you don't do what I'm planning to do, so this is wat I want:
> Imagine your own configuration but you move 'ursa' into the DMZ, you
> give 'ursa' the IP 192.168.2.2, and you're doing S/D-NAT 188.8.131.52
> <-> 192.168.2.2. Another way could be to just forward ports, say
> 184.108.40.206:80 -> 192.168.2.2. Is it still okay?
Yes -- for the system in the DMZ to be able to communicate with each other
though you would need to add hosts routes on each system.
> If not, should I create two separate DMZ's, one for proxyarp, the other
> for NAT/portforwaring?
That would make the routing more straight-forward.
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org