I've been poring through the docs and archives but can't seem to find the answer to these.

I've got a setup similar to Tom's 3 interface example, but with public IPs in the DMZ and proxy arp set to allow access to them.

Question 1: If I want to firewall all but the necessary public services from the DMZ machines, should I be using SNAT rather than proxy arp? I guess I don't understand how shorewall interacts with proxy arp'ed machines if at all.

Question 2: If using proxy arp, should clients on the internal network be able to access the DMZ machines by their public IP?

Question 3: There is a public IP address that has a different gateway than the block of IP addresses currently in the DMZ. If I use SNAT with that IP, is there any way to specify a different gateway? I'm struggling to understand this part so if this makes no sense please ignore it.

I apologize if this is covered somewhere. I've read the setup guide, Lynn Avant's proxy arp howto, and a lot of docs on the shorewall site but I'm still unclear on these points.

Thanks!

- Bob Coffman

leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user