> another quick question, ok.
>
> My eth0 is eth0_IPADDR=146.9.31.19. Should my DMZ card be
> eth1_IPADDR=146.9.31.19 also?
>
> I saw this in Rick's Proxy-ARP documentation, but your CD-LRP scripts
> have the addresses as eth0_IPADDR=0.0.0.170 and eth1_IPADDR=0.0.0.171

As far as I know, there's only one reason to put separate IPs on the
external and DMZ interfaces of your LRP box running a proxy-arp DMZ: The
current versions of IPSec don't like dealing with configurations where two
interfaces have the same IP.

If you want to run FreeS/WAN IPSec on your LRP firewall, you either need to
assign different IPs to the external and DMZ interfaces, or patch FreeS/WAN
to ignore one of the interfaces so it doesn't get confused on startup.

Since I generally use the LRP firewalls as VPN gateways as well as firewalls,
and usually have IPs to spare, my proxy-arp setups have separate IPs on
these interfaces...if you're not running a VPN and have no plans to, you can
make the IPs the same.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
