[Shorewall-users] DMZ Access

Tom Eastep teastep at shorewall.net
Sat Aug 2 14:55:21 PDT 2003


On Fri, 2003-08-01 at 22:49, Joshua Banks wrote:
> Hello,
> If your using proxy arp then you should be assinging
> the machines the public addresses not private ones
> from what the Documentation on Proxy Arp section
> points out on the Shorewall site.

no no no no no....

The three-interface quick start guide tells *EXACTLY* how to do what
Dubba wants by using a simple DNAT rule. See
http://shorewall.net/three-interface.htm under the heading "Port
Forwarding" (you should have followed this document carefully setting up
your firewall in the first place).

Proxy ARP only works when your internal systems have public IP
addresses.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net



More information about the Shorewall-users mailing list