Hi,

On Thu, Nov 14, 2002 at 01:55:59PM -0600, Miller, Jeff - x3328 wrote:
> A weird addition I came up with involves having several NICs on the 'DMZ
> side' of either firewall. All machines within the DMZ would be multihomed,
> with two point-to-point networks (255.255.255.252 subnet) connecting it to
> both firewalls.

Be sure to set up appropriate host routes, and it should work. Maybe you need proxy_arp to route between the hosts within the DMZ, and you have to choose a gateway for this (which may be a single point of failure in your specific setup).

> Although I'm new to netfilter I haven't found anything that will keep this
> idea from working.

It's more a routing problem than netfilter... Thought about putting a local firewall on every system within the DMZ?

HTH
Frederik Schüler
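
The layout discussed in this thread, worked through as an added example that is not part of either poster's message: it carves one 255.255.255.252 link per host and firewall out of a block and lists the host routes each DMZ machine would need. The firewall names `fw-a`/`fw-b`, the host names, the 192.0.2.0/27 documentation range and the choice of the link-owning firewall as gateway are all assumptions.

```python
import ipaddress

FIREWALLS = ("fw-a", "fw-b")  # assumed names for the two firewalls


def plan(block, hosts, firewalls=FIREWALLS):
    """Give every (host, firewall) pair its own /30 carved out of `block`.

    Returns {host: {firewall: (firewall_ip, host_ip)}}.
    """
    subnets = list(ipaddress.ip_network(block).subnets(new_prefix=30))
    if len(subnets) < len(hosts) * len(firewalls):
        raise ValueError(f"{block} is too small for {len(hosts)} dual-homed hosts")
    nets = iter(subnets)
    links = {}
    for host in hosts:
        links[host] = {}
        for fw in firewalls:
            # 255.255.255.252 leaves exactly two usable addresses per link
            fw_ip, host_ip = next(nets).hosts()
            links[host][fw] = (fw_ip, host_ip)
    return links


def host_routes(links, host):
    """/32 routes `host` needs to reach the other DMZ machines.

    Each peer address is sent to the firewall that owns the peer's link,
    using this host's own link to that same firewall as the next hop.
    """
    cmds = []
    for peer, peer_links in links.items():
        if peer == host:
            continue
        for fw, (_, peer_ip) in peer_links.items():
            gateway = links[host][fw][0]
            cmds.append(f"ip route add {peer_ip}/32 via {gateway}")
    return cmds


if __name__ == "__main__":
    # Constructed sample: documentation range 192.0.2.0/27, two DMZ hosts
    dmz = plan("192.0.2.0/27", ["web", "mail"])
    for name in dmz:
        print(f"# on {name}")
        print("\n".join(host_routes(dmz, name)))
```

With this plan, traffic between two DMZ hosts always crosses one of the firewalls, so it can be filtered there in the FORWARD chain.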

