[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ftp-proxy's inability to proxy using arbitrary source ip addresse s
> Let's say 188.8.131.52 is part of a /29. The router routes the entire /29 to
> the firewall, which routes it to a network of machines on the inside. It
> would be impossible to actually number the outside interface 184.108.40.206 and
> at the same time route the /29 to the other side. You could break up the
> /29, but then you would have significantly less useable addresses.
Ah. Now I understand WHY you configured things as you did,
but I think it's very wrong.
This is screaming for a transparent (bridging) firewall.
NAT shouldn't even be necessary here.