Hi ! I was looking around a long time till I found the LEAF project, wich could be the solution to all my needs. Since a few weeks I work my way to the Bering and Shorewall documentation and I am not sure if I am on the right way. So I hope someone can tell me if I am right or should start again with a different approach. Now heres my situation:
We have a subnet with 128 public IP addresses, wich are assigned to servers and workstations as well. All machines are using only local security features like personal firewalls. The future goal is to split to a dmz and a local net. But at the moment that would mean too much work to reconfigure all machines. So I want to do the changes step by step. For the first step I decided to use ProxyArp cause this means no reconfiguration, just putting the firewall between the IPSs router and my switch. The simplest set up I found is to use one public IP address for eth0, another public address on eth2 and a RFC1918 address on eth1 for future use. Then all I have to do is set the proxyarp option in the shorewall interfaces file for both eth0 and eth2. Is that correct ? Example: Public subnet assigned by ISP: 192.0.2.128/25 ISP Router: 192.0.2.129/25 Firewall: eth0 192.0.2.130 (to router) eth1 192.168.1.254 (to future local net) eth2 192.0.2.131 (to dmz , actually the whole current net) shorewall interfaces file: net eth0 detect proxyarp,norfc1918 loc eth0 detect dmz eth0 detect proxyarp Thanks in advance Bj�rn _______________________________________________________________________ ... and the winner is... WEB.DE FreeMail! - Deutschlands beste E-Mail ist zum 39. Mal Testsieger (PC Praxis 03/04) http://f.web.de/?mc=021191 ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
