A bit of clarification for the archives...

> Some things which will seem obvious to other folks
> that were not obvious to me, which I used from the
> casano.com EigerStein v1.1 Proxy-Arp DMZ example:
>
> 1) External interface and DMZ interface IP addresses
> need to be the same address for Proxy-Arp DMZ.

You MAY assign the DMZ and external interface the same IP, but this is not a requirement. For folks with one of the /29 static xDSL networks (5 usable IP's), this can be important, saving an extra IP for a server system.

*WARNING* Assigning two interfaces the same IP confuses the current FreeS/WAN IPSec code, which was initially developed when such things were not possible. If you're planning on running IPSec on your firewall, and don't want to patch the code to ignore one of your two identical interfaces, you need to give the external and DMZ interface unique IP's.

> 2) eth0_ROUTES="default.gw.ip" entry needed??? (I put
> this in since casano did.)

This is mandatory. The firewall has no idea which IP's are connected to the two identically numbered networks (your external network and the DMZ network). You use the routing tables to specify which interface to use to reach various systems. Typically, the 'default' will be to have all IP's on the DMZ, with just your gateway IP on the external net. If you have some other systems connected directly to the external network for some reason, you'll need to add their IP's to eth0_ROUTES as well (assuming eth0 is your external interface).

> 3) xxxx_PROXY_ARP=YES in both ext. and DMZ
> interfaces.

Not much proxy-arping happens without this ;-)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
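The routing and proxy-ARP settings discussed in the message above, sketched as an added example (not part of the original post and not LEAF's own scripts): it prints the equivalent iproute2 and /proc commands instead of running them. The interface names, the 192.0.2.0/29 addresses and the function name `proxy_arp_dmz_plan` are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: print (do not run) the commands for a proxy-ARP DMZ.
# All addresses are constructed (RFC 5737 documentation range).

# proxy_arp_dmz_plan EXT_IF DMZ_IF DMZ_NET GATEWAY [EXTRA_EXTERNAL_HOST...]
proxy_arp_dmz_plan() {
    if [ "$#" -lt 4 ]; then
        echo "usage: proxy_arp_dmz_plan EXT_IF DMZ_IF DMZ_NET GATEWAY [HOST...]" >&2
        return 2
    fi
    ext_if=$1; dmz_if=$2; dmz_net=$3; gateway=$4
    shift 4

    # Hosts that really sit on the external wire get /32 routes out ext_if:
    # the gateway always, plus anything else plugged in outside the firewall.
    # Longest-prefix match makes these win over the subnet route below.
    for host in "$gateway" "$@"; do
        echo "ip route add $host/32 dev $ext_if"
    done

    # Everything else in the shared subnet lives behind the DMZ interface.
    echo "ip route add $dmz_net dev $dmz_if"
    echo "ip route add default via $gateway dev $ext_if"

    # Answer ARP on each side for addresses reachable through the other side.
    for ifc in "$ext_if" "$dmz_if"; do
        echo "echo 1 > /proc/sys/net/ipv4/conf/$ifc/proxy_arp"
    done
}

# Constructed sample: /29 with gateway .1 and one extra host (.6) left outside.
proxy_arp_dmz_plan eth0 eth1 192.0.2.0/29 192.0.2.1 192.0.2.6
```

Review the printed plan before applying it by hand; forgetting the host route for a machine left on the external segment makes the firewall look for it on the DMZ side.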
