> Thank you for your reply charles. > but forgive me for I don't quiet understand what you mean. > Are you saying that I could only have 2 machines in my DMZ ? OR I could only > have 2 ip's bound to my eth0?
I was offering an alternate network structure... > Actually I want to have as many as possible legal IP's bound to the eth0, > because I have many servers here in my DMZ. If it's possible I don't want to > make LRP box for each of them, it's extravagant. It would be very nice if I > could just build one LRP box and then port forward all services to each of > those servers. > I know that there's a LRP product called *SHARE THE NET* that is able to do > this, but I don't like it because it could not boot off a CDROM. Daschstein > CD is what I want because it could boot off a CDROM. You can do what you want with Dachstein. Use the the DMZ_SERVERn variables (which allow you to specify which external IP you want to forward) to setup your DMZ services. NOTE: I think there are ways around the FTP problem mentioned below by Ed Tetz, but it requires using the advanced routing features of the kernel, and I haven't personally tried to set it up. If you want to experiment, post on the LEAF-user list, and I'll try to help you set it up. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > thank you. > -------- > > Charles Steinkuehler writes: > > > It's also possible to use static-NAT, or proxy-arp in this environment. > > While only two of the 3 IP's can be used directly on DMZ machines, you can > > still port-forward services from the router's public IP to machines on the > > DMZ. > > > > Charles Steinkuehler > > http://lrp.steinkuehler.net > > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > > > > > ----- Original Message ----- > > From: "Ed Tetz" <[EMAIL PROTECTED]> > > To: "GREGOR" <[EMAIL PROTECTED]>; "linux-router" > > <[EMAIL PROTECTED]> > > Sent: Tuesday, January 15, 2002 6:47 AM > > Subject: Re: [Leaf-user] multi ip port forwarding > > > > > >> Hi Gregor, > >> > >> I know that I had some issues with this. I had 2 alias address bound to my > >> external interface. I was able to receive traffic on them and portfw them > >> correctly. But then I tried FTP and I found that all other outbound > > traffic > >> gets masq'd on the primary IP, not the alias. From what I read at the > > time, > >> that is just how it is, and you cannot masq out with the alias IP. That > > also > >> gave me a problem with my Dynamic DNS, as it would register the primary, > > and > >> not the alias address. > >> > >> This might give you a problem with SMTP, but I wouldn't think that it > > should > >> affect the Web, and Pop components. > >> > >> I hope that helps a bit. _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
