Dan,
Many thanks for your help. I am very grateful for this.
I think I know what is (at least part of) the problem.
Charles's proxy-arp option 3) (I list all of them below for
completeness) appears to depend on the special case:
The external (=internal) router address must be in the same network as
the public address range of the DMZ.
In my case, if I use proxy-arp, then the router address is not
accessible from the internal network.
I get two incompatible networks (Router/DMZ) because internal and
external IPs of the router have to be the same.
Please correct me if I am wrong.
I am getting really desperate now because I cannot see any way out of
this.
I have been hoping for more than a week now that I can discover how
the LRP router and Charles' more capable variants can do what a CISCO
ethernet to ethernet router can do (I know it does a lot more on the
firewall side but I am stuck with routing).
I need routing of multiple public IP addresses that are outside the
network of the external router interface.
At this stage, the only way out appears to be to use the software as a
bridge. But I understand that this provides no security at all.
Again, please correct me if I am wrong.
Charles' available options for a public IP DMZ network are:
1) Add the extra IP addresses as aliases to your external LRP box.
...
2) Put your server machines on a Private IP DMZ
...
3) Setup a proxy-arp DMZ.
...
My setup is as follows:
       ~~~~~~~~~~~~~~~~~~~~~~
       {      Internet      }
       ~~~~~~~~~~~~~~~~~~~~~~
                  |
           ---------------
           |     ISP     |
           ---------------
                  |
                  |
               Ethernet
                  |
                 IP3 (public IP, assigned by ISP, Network 1)
       -----------------------
       |        eth0         |
       |     LRP ROUTER      |
       |        eth1         |
       -----------------------
                  |
                  |
                  |   If the router is on different network then I
                  |   can't ping it from the web server box :(
       -----------------------
       | IP1 eth0            |  on public IP network 2
       |         | IP2 eth0:0|  on public IP network 2
       |Web Server |         |
       |          Web Server |
       -----------------------
Any help is highly appreciated.
Regards,
Bernard
[EMAIL PROTECTED]
On Sun, 8 Jul 2001 11:20:36 -0500, you wrote:
>Bernard,
>
>I am responding because it's a quiet weekend, and the regular gurus seem to
>be out enjoying the summer weather. Notice the exclusivity of the previous
>statement --- I place myself outside that group known as "gurus." :) As I
>indicated in my previous response, I have a similar setup, and I'll help you
>"braille" thru this the best I can. Hopefully (crosses fingers), the
>regular brainatalia will be back soon.
>
>I'll pick thru your configs to see if I can spot anything obvious, but in
>the meantime, take a look at:
>http://www.gnuchina.org/ftp/linux/document/LinuxRouter/dox/pa.txt
>which gives a good description of the basic process. Pay particular
>attention to the 2 numbered bullets at the very end. Cached ARP information
>upstream can make you think it's broke when it ain't :)
>
>Dan
[snip]
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
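
Added example (not part of the original thread, and not LRP or Charles's configuration): a check of the proxy-arp constraint discussed above, namely whether each DMZ address falls inside the network of the router's external interface. The addresses are constructed from the documentation ranges, the function names are hypothetical, and eth0/eth1 follow the diagram.

```python
import ipaddress

def classify_dmz(router_ext, dmz_hosts):
    """Map each DMZ address to how upstream traffic can reach it.

    router_ext is the router's external interface in CIDR form (IP3 on the
    diagram); dmz_hosts are the public server addresses (IP1, IP2).
    """
    ext = ipaddress.ip_interface(router_ext)
    net = ext.network
    result = {}
    for host in dmz_hosts:
        addr = ipaddress.ip_address(host)
        if addr == ext.ip:
            result[host] = "conflict: router's own address"
        elif addr not in net:
            # Off-link for the ISP: it never ARPs for this address, it looks
            # up a route. Proxy-ARP cannot help; the ISP must route the
            # DMZ network to the router's external IP.
            result[host] = "needs-upstream-route"
        elif net.prefixlen < 31 and addr in (net.network_address,
                                             net.broadcast_address):
            result[host] = "unusable: network/broadcast address"
        else:
            # On-link: the ISP ARPs for it on the external segment and the
            # router can answer on the server's behalf.
            result[host] = "proxy-arp"
    return result

def proxy_arp_commands(router_ext, dmz_hosts, ext_if="eth0", dmz_if="eth1"):
    """Generic Linux commands for the hosts proxy-ARP can serve (not LRP config)."""
    plan = classify_dmz(router_ext, dmz_hosts)
    hosts = [h for h, how in plan.items() if how == "proxy-arp"]
    if not hosts:
        return []
    cmds = [f"echo 1 > /proc/sys/net/ipv4/conf/{i}/proxy_arp"
            for i in (ext_if, dmz_if)]
    # Host routes tell the router these addresses live behind the DMZ interface.
    cmds += [f"ip route add {h}/32 dev {dmz_if}" for h in hosts]
    return cmds

# Constructed sample addresses from the documentation ranges.
ROUTER_EXT = "192.0.2.2/29"                      # "Network 1"
SAME_NET = ["192.0.2.3", "192.0.2.4"]            # DMZ inside Network 1
OTHER_NET = ["198.51.100.10", "198.51.100.11"]   # DMZ on "Network 2"

if __name__ == "__main__":
    print(classify_dmz(ROUTER_EXT, SAME_NET))
    print(classify_dmz(ROUTER_EXT, OTHER_NET))
    print(proxy_arp_commands(ROUTER_EXT, SAME_NET))
```

With the DMZ on a different network from the external interface, every address comes back as needs-upstream-route and no proxy-arp commands are produced.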