[Shorewall-users] proxyarp and nat

Tom Eastep teastep@shorewall.net
Thu, 4 Jul 2002 06:15:45 -0700 (PDT)

On Thu, 4 Jul 2002, Simon Matter wrote:

> But, you don't do what I'm planning to do, so this is wat I want:
> Imagine your own configuration but you move 'ursa' into the DMZ, you
> give 'ursa' the IP, and you're doing S/D-NAT
> <-> Another way could be to just forward ports, say
> -> Is it still okay?

Yes -- for the system in the DMZ to be able to communicate with each other 
though you would need to add hosts routes on each system.
> If not, should I create two separate DMZ's, one for proxyarp, the other
> for NAT/portforwaring?

That would make the routing more straight-forward.

Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net