On Thursday, Jul 3, 2003, at 15:13 US/Pacific, Robert Banniza wrote:
Since I only have one public IP, can I not use proxy arp to do this?
Proxy arp is only necessary in a few somewhat obscure cases, and basic
translation isn't one of them. In Morten's case, the aliases are so
the box can answer for multiple public IPs, regardless of what happens
to them afterward in pf. Proxy arp wouldn't be appropriate for that.
Simple nat/rdr translation for a single public IP doesn't require any
configuration beyond pf.conf in a routing scenario. For what you're
doing, I don't think you need to worry about bridging.
On Thu, 3 Jul 2003, Morten Norby Larsen wrote:
At 21:43 03/07/03, Robert Banniza wrote:
Thanks a lot! So are you using NAT'ed networks on both the internal and
DMZ? Also, can you tell me exactly how you set up your aliases? I'm
assuming this:
192.168.2.1 - is your DMZ interface card
1.2.3.4 - is your external interface card
Did you create an alias on the external interface card with an IP of
192.168.2.1? Thanks again.
Say you have a web server in the DMZ with address 192.168.2.52, and you
want/need it NAT'ed to 1.2.3.5 on the external interface.
You can do that with the following command (<ext-if> = fxp0 or some such):
ifconfig <ext-if> inet alias 1.2.3.5 netmask 255.255.255.255