On Wed, Mar 5, 2008 at 11:04 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2008-03-05, Almir Karic <[EMAIL PROTECTED]> wrote: > > this is the deal, i am designing the network and i have some > > questions, regarding route (OBSD 4.2) setup. the relevant interfaces > > are $dmz_if (uplink for the servers in DMZ) and $ext_if the router > > uplink. > > > > the idea is to save one external IP by NOT assigning an external IP to > > the $dmz_if, is it possible? > > You say you're *designing* the network, so you're not trying to hack an > extra address out of an existing too-small setup. The correct approach is > to ask your ISP or LIR for a block of addresses the right size to fit > the machines you need. This is perfectly justified.
the situation is the following, right now we have a linux router with which has an 3 IF's uplink, dmz and lan, we don't like the way it does nat for both lan (which is OK) and DMZ, which has proven not to be too good, i am trying to replace that old linux router with OBSD router, and would like to take the oportinity to get rid of nat, while still not wasting the additional external ip. so no, i'm *not* trying to hack additional adress out of existing setup :-) > If you're desperate to save IP addresses, put the internal hosts on > private addresses and rdr the whole lot. Then because you don't need to > put the public addresses on an interface at all, you can also use the > all-0 and all-1 host addresses too. > nat is what i am trying to get rid of in the first place (at least in DMZ). -- error: one bad user found in front of screen
