> DMZ=PROXY
> This setting uses proxy-arp to separate your DMZ systems from the "raw" 
> upstream connection.  The main benefit to using proxy-arp is your DMZ 
> systems can have REAL PUBLIC IPs.  The main drawback is it's kind of 
> complex to get the networking and firewall rules set up correctly, but 
> that's now pretty easy since I folded support into the main Dachstein 
> scripts for this sort of setup.

<snip>

> I suggest using proxy-arp DMZs if at all possible on both ends 
> (assuming you have multiple IPs you can allocate to DMZ systems).
> 
> Note there are a few tricks to setting up a proxy-arp DMZ (mainly in
> how you set up routing, and an understanding of the arp protocol and
> arp cache timeouts), so don't be afraid to ask for help with the
> config file details if you decide to set up this sort of DMZ.
> 
> -- 

Very useful information, Charles. Although I don't quite get what proxy-arp
really does and how it differs from, say, a strictly public DMZ. Perhaps a
short explanation here will help set my mind straight. I am confused
especially by the statement regarding separating the DMZ systems from the
"raw" upstream connection. What is the benefit in that?

Unfortunately, we are constrained by a very limited IP address range at work
so I believe we will be forced to use a private DMZ. Since I use Cox as my ISP
at home, I only get one IP address and it's of the dynamic variety! So,
again, it looks like selecting a private DMZ is the way to go at home.

Thanks for the write-up.

~Doug


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
