[Shorewall-users] proxyarp and nat

Tom Eastep teastep@shorewall.net
Thu, 4 Jul 2002 06:15:45 -0700 (PDT)


On Thu, 4 Jul 2002, Simon Matter wrote:

> But, you don't do what I'm planning to do, so this is wat I want:
> 
> Imagine your own configuration but you move 'ursa' into the DMZ, you
> give 'ursa' the IP 192.168.2.2, and you're doing S/D-NAT 206.124.146.178
> <-> 192.168.2.2. Another way could be to just forward ports, say
> 206.124.146.178:80 -> 192.168.2.2. Is it still okay?
>

Yes -- for the system in the DMZ to be able to communicate with each other 
though you would need to add hosts routes on each system.
 
> If not, should I create two separate DMZ's, one for proxyarp, the other
> for NAT/portforwaring?

That would make the routing more straight-forward.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net