On Wed, Jul 10, 2002 at 05:42:43PM -0700, Jeff Newmiller wrote:
>On Wed, 10 Jul 2002, George Georgalis wrote:
>
>> Bering rc2
>>
>> This is the general procedure I use to bring up networking... I
>> understand there is a way to bring up an interface to listen to an
>> entire subnet, not just an address.
>
>Are you thinking of proxy-arp?
>
>http://www.shorewall.net/Documentation.htm#ProxyArp

Interesting, but not what I had in mind. I'm using nat for a dmz and
rather than bring up each available ip as an alias, I thought there
was a way to bring up the subnet and let iptables take over from there.

>> Can someone help me with the ip syntax?
>
>Why are you re-inventing the network scripts?
>
>It hardly looks like Bering when you do this. See below...

There are a few reasons I did it this way. I started to use shorewall
but found it more complicated to learn than the iptables scripts alone,
especially because the rules will change often, remotely, via scripts,
to manage new hosts; seemed easier just to scp an iptables script and
execute regularly with cron.

Oh, I saved a lot of space not using the shorewall.lrp too, enough to
fit in sshd.lrp which is a necessity because there is no room for a
video card, only interfaces. I guess that explains why I use the network
script too, saving space on the floppy.

I think I'm going to make a basic network.sh, and scp the larger one to
the running image.

Thanks,
// George

--
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers.       http://www.galis.org/george
