So, I have a bridge set up between my DSL gateway and my DMZ, which
is using globally visible IPs. I also have a range of unroutables
on a third interface. What I want to do is to take one of the
machines in the unroutable range and make it accessible from the
world using one of the DMZ IPs. It is not practical to relocate
this machine onto the actual bridged interface for security reasons.
The problem: When the bridge comes up, since the machine isn't
physically there to respond to its probes, it decides not to bridge
packets bound for the IP that will be NATed to the internal machine.
Right now, I just have a machine that IS physically in the DMZ using
IP aliasing on the IP that I want the internal machine to have, just
to force the bridge to try to bridge (and subsequently NAT) packets
bound for that address. Needless to say, that's ugly. Is there any
way to just force the bridge to deal with packets bound for a machine
that is logically, but not physically, on the other side?

  __________     ________________________
 |_Real_Svr_|   |_Phantom_IP_for_Int_Svr_|
      |                     |
            DMZ (global IPs)
                    ||
                    ||
 ________        ________
| Int    |      |        |
| Server |======| Bridge |=== World
|________|      |________|

--
Josh Litherland ([EMAIL PROTECTED])
It is by the juice of Mtn Dew that thoughts acquire speed.
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge