Thanks very much for your help Charles. It doesn't really make any difference to me if I use port forwarding or a virtual DMZ... I just want it to work! :-) Obviously I'd like the most secure and best performance option available (in that order).
I haven't been able to find a whole lot of documentation on the implementation of the NAT 'virtual interface'. Is this the correct way to set this up?
Probably not. The NAT DMZ stuff is set up to map extra external IPs to DMZ systems, for folks who have a typical cable-modem or xDSL setup where they get more than one IP.
<snip NAT stuff>
If I do it this way, do I then set up the DMZ below in the script? Even though it's called a virtual interface, I still have to use a real ethernet adapter, right?
One other thought that I had: Install another NIC with the secondary IPs, set my DMZ_SWITCH=YES and configure my internal interfaces to use BOTH 192.168.10.x AND 206.127.77.x. Or should I set the switch to NAT and do port forwarding? I've read the "Instructions for configuring network.conf" that you wrote (thanks for that). Is there anywhere else I can find additional documentation on the DMZ stuff?
Other than my network.conf reference, not really: http://lrp.steinkuehler.net/files/packages/network.txt
As Ray mentioned, how you set up your firewall will depend to a great extent on exactly what your ISP is doing with your IPs.
You indicated they are routed to your firewall, but that could still mean any one of several different possible configurations.
Probably the best thing you could do at the moment would be to grab a tcpdump of the external interface traffic while running your current configuration (as previously posted) and trying to ping it from elsewhere on the 'net. Also include your firewall rules (the output of "net ipfilter list"). That should allow us to figure out how your ISP is forwarding traffic to you, and verify that your firewall rules are not blocking the traffic.
Once we know how the traffic is being presented to your router, we can suggest appropriate configuration options.
FYI: You'll probably want something like the following tcpdump command while attempting to ping:
tcpdump -i eth0 -n
If possible, run this test when there's not a lot of other activity on your external link.
-- Charles Steinkuehler [EMAIL PROTECTED]
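As an added illustration of the diagnosis Charles describes (this is not code from the thread or from LEAF), here is a small Python parser for tcpdump -n output that tallies, per destination address, the echo requests that arrived, the replies the firewall sent, and any ARP requests asking for that address. The capture lines and the 203.0.113.5 probe host are constructed; it accepts both the modern "ICMP echo request" and the older "icmp: echo request" spellings.

```python
import re
from collections import defaultdict

# Constructed sample capture (not from the thread), tcpdump -n style, mixing
# the modern "ICMP echo request" and the older "icmp: echo request" format.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 203.0.113.5 > 206.127.77.10: ICMP echo request, id 7, seq 1, length 64
12:00:01.000200 IP 206.127.77.10 > 203.0.113.5: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000001 IP 203.0.113.5 > 206.127.77.11: ICMP echo request, id 7, seq 2, length 64
12:00:03.000001 ARP, Request who-has 206.127.77.12 tell 206.127.77.1, length 28
12:00:04.000001 203.0.113.5 > 206.127.77.12: icmp: echo request
"""

ICMP_RE = re.compile(r"(?:IP )?(\S+) > (\S+):\s*(?:ICMP|icmp:)\s*echo (request|reply)", re.I)
ARP_RE = re.compile(r"ARP, Request who-has (\S+) tell (\S+)")

def summarise_pings(capture):
    """Return {dst_ip: {"requests": n, "replies": n, "arp_requests": n}}.

    Requests with no replies for an address mean the ISP delivered the packet
    but the firewall did not answer (no interface/route for it, or a rule is
    dropping it).  ARP requests for an address mean the upstream router expects
    the firewall to answer ARP for that block (same-subnet delivery) rather
    than routing the whole block to the firewall's primary address.
    """
    stats = defaultdict(lambda: {"requests": 0, "replies": 0, "arp_requests": 0})
    for line in capture.splitlines():
        m = ICMP_RE.search(line)
        if m:
            src, dst, kind = m.groups()
            if kind.lower() == "request":
                stats[dst]["requests"] += 1
            else:
                stats[src]["replies"] += 1  # the reply is sent by the pinged host
            continue
        m = ARP_RE.search(line)
        if m:
            stats[m.group(1)]["arp_requests"] += 1
    return dict(stats)

def unanswered(capture):
    """Destinations that received echo requests but sent no replies."""
    return sorted(ip for ip, s in summarise_pings(capture).items()
                  if s["requests"] and not s["replies"])

if __name__ == "__main__":
    for ip, s in sorted(summarise_pings(SAMPLE_CAPTURE).items()):
        print(ip, s)
    print("unanswered:", unanswered(SAMPLE_CAPTURE))
```

Feed it the real capture (tcpdump -i eth0 -n > capture.txt) and compare the unanswered list against the secondary addresses to see which ones the ISP delivers and which ones the firewall fails to answer.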
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
