On Thu, 01 Aug 2002 17:55:11 EDT Sean Woodruff wrote:
> Hello all, > > I'm currently helping a friend setup Bering-rc3. He has a DSL modem > (Fujitsu Speedport) and a block of 5 IP's provided by his ISP. Is it > possible to configure a Bering box -or any LEAF distro- with two NIC's > (eth0...Internet & eth1...Intranet) so that eth0 can handle requests from > the 5 external IP's? That is a fairly typical setup. Bering/Shorewall or Dachstein should work just fine. Your friend can use Proxy-arp if he wants the hosts behind the firewall to have public addresses (which can eliminate some name resolution hurdles). I believe SNAT will also work if you want the firewalled hosts to have rfc1918 addresses. There's some great documentation on shorewall.net. At the least http://www.shorewall.net/ProxyARP.htm , http://www.shorewall.net/Documentation.htm#NAT , and maybe http://www.shorewall.net/FAQ.htm#faq3 will probably be interesting. I don't have a link handy for Dachstein, but I'm sure a bit of googling for "Dachstein" and "proxy-arp" or a search of the mailing list archives will turn up something useful. The comments in network.conf will also help. There is nothing to prevent other LEAF variants from working either, but a bit of extra work may be necessary to get the routing right. Good luck. Let us know if you run into any specific problems. Oh, and one more thing... If some of the 5 IPs are for public servers and there will also be a MASQ'd "private" network, you may want to put a third interface in the firewall and put the public servers in a DMZ to help protect the private network in the event that a server in the DMZ is compromised. --Brad ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
