Very useful information, Charles. Although I don't quite get what proxy-arp really does and how it differs from, say, a strictly public DMZ. Perhaps a short explanation here will help set my mind straight. I am confused especially by the statement regarding separating the DMZ systems from the "raw" upstream connection. What is the benefit in that?
In a traditional strictly public DMZ (DMZ=YES setting), the upstream link to your ISP and the DMZ have *DIFFERENT* IP address ranges.
With proxy-arp, the upstream link and the DMZ network IP ranges are the *SAME*. Proxy-arp is the "magic" that connects systems through the firewall, but lets them think they're all on the same physical network segment.
-- Charles Steinkuehler [EMAIL PROTECTED]
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
