> To us, being in control and truly managing our domain necessitates doing > so from within our DNS configuration. We find that we can do our job > most reliably if we only require the ISP to forward to our domain from > within their upstream DNS. Although, many ISP's are eminently > competent, it is becoming all too common for us to bump into > incompetently setup DNS - especially those run from wintel ;<
Understood...that's exactly why I run my own mail & DNS servers. I just use the ISP for connectivity, and find I have far fewer problems that way. I've actually switched ISP's three times, with only minor outages to steinkuehler.net, and even those were avoidable if I'd botherd to take the time to do things properly... > wan1_IP_EXTRA_ADDRS="x.y.z.65" > > and, without any DMZ, we get what we want. Actually, going to the > Internet from the internal, private network, we appear to the Internet > as a.b.c.157, which does not appear to be any conceivable issue. > > Most importantly, when we do http://x.y.z.65/ from a remote Internet > site, we can get to our port-forwarded internal server !!! > > This is what our customer wants, so we are pleased. Excellent! > The confusion stems from doing this: > > wan1_IP_EXTRA_ADDRS="x.y.z.64/26" > > Although this is accepted by ipchains, only x.y.z.64 is pingable from > the Internet; but, as the network itself, we couldn't get to anything, > port-forwarding or not. > > What do you think? This makes perfect sense. IPChains sees x.y.z.64/26 as a network specification, and builds rules applicable for the entire network. Passing the same x.y.z.64/26 to "ip addr add" to assign IP's does *NOT* attatch all addresses to the interface, just the single specified address, with an attached CIDR subnet length of /26 (for the route that gets automatically generated). If you want multiple external addresses, you'll have to specify each of them seperately in _IP_EXTRA_ADDRS. I'm glad one of the easy solutions worked for you...I haven't played enough with linux directly connected to a T1 to know how it would behave... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
