On Thursday 13 March 2003 11:45 am, Charles Steinkuehler wrote: > OK, so you want port-forwarding on the router, rather than any sort of > DMZ setup. > > You can probably get this to work, but the configuration details may > require some experimentation. > > I know Dachstein can run with multiple networks on the same interface, > as I have done that several times. I don't think you actually have two > networks on your upstream link, but instead have one network with a > block of IP's routed to you. This has the potential to confuse the > equipment upstream if you assign the extra IP's directly to the external > interface.
Thanks Charles, I wasn't aware this was possible on different subnets because of the resulting netmask used w/o hardcoding everything and bypassing parts of the scripts. My concern is that the 206.127.76.231/27 and the block of 206.127.77.48/28 are not at all within the mask range of his ISP. If you change the outgoing netmask to accept both blocks, then your also accepting a ton of addresses that aren't yours. > The "normal" way to do this would be to assign public IP's to the > desired desktop systems, but this is not necessarily ideal from either a > network topology (I'm assuming you have additional machines you do *NOT* > which to connect to, and limited IP space), or a security standpoint. If you can get the external interface to respond to the ip's, then you could simply 1-to-1 proxy-arp or static-NAT them to the machines inside and filter out everything but the desired protocol(s). Using static-NAT would also allow the machines to participate as normal LAN machines as well. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
