Simon Matter wrote: >> I don't think so. >> >> The requirement for the software I want to utilise dictates that the IP >> address of the system be the real world address. >> >> I have to be able to configure the virtual machine's eth0 as >> 203.xxx.xxx.xxx and not any of the IP's from a private subnet. > > You may want to use proxyarp then. I think Tom has even made some nice > docs about it and it's really the cleanest way to do such things. >
I agree that proxy arp is the way to go. The question of whether another firewall interface is needed depends on whether the local hosts need access to the virtual machine. If so, it will work best if the virtual machine's network interface is connected to a separate firewall interface. If Marcus has a VLAN-capable switch though, there is no need to add another NIC to the firewall; simply use Linux VLAN support on the current local interface. If the local interface is eth1, VLAN support will create eth1.0 and eth1.1 which are separate interface as far as Shorewall is concerned. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
