RE: IP forwarding of public IP with no NATing
Alternatively you could set up your firewall in bridging mode to your DMZ,
which would mean you don't have to spend any IP addresses on it, and further
makes it essentially transparent to the outside world. A useful tutorial on
how to do this appeared a few months ago on daemonnews, the link is here:
http://www.daemonnews.org/200103/ipf_bridge.html
The only caveat is that you must pay very close attention to your ipf rules.
I've set up firewalls in this manner and they work splendidly.
> -----Original Message-----
> From: Cedric Berger [SMTP:cedric@wireless-networks.com]
> Sent: Monday, July 23, 2001 4:43 PM
> To: Kevin Nottelling; tech@openbsd.org
> Subject: Re: IP forwarding of public IP with no NATing
>
> > > Could someone please tell me what I'm missing?
> >
> > Probably setting up proper static routes for all your networks (on *all*
> > your boxes)
> > If you don't know what I mean, send me the result of
> > "netstat -nrf encap"
>
> That was "netstat -nrf inet", sorry.
>
> >
> >
> > a "tcpdump -pni <internal_interface>" would be interesting too.
> >
> > Cedric