On Wed, 2003-08-20 at 10:47, Dieter Kasielke wrote:
> On Wed, 20 Aug 2003 16:22:56 +0200 Marc Balmer wrote:
> > On Wed, 20 Aug 2003 13:27:36 +0200
> > Jan Roeloffzen <[EMAIL PROTECTED]> wrote:
> >
> > > NETWORK and SERVERS should be on the same subnet to make it work with a
> > > bridge. Your second setting with routers suggests they are not?
> >
> > In my setting, they actually are in the same subnet. The bridge "divides" the
> > ethernet segment in two parts, both contain hosts in the same subnet.
> >
> > Yet, it does not work....
> >
> > - Marc
> >
> It cannot work. Bridges are layer 2 devices. They forward packets based
> on layer 2 addresses. Rewriting the IP address (layer 3) is something
> the bridge will not notice, because there is no routing involved and
> hence no lookup of the (new) layer 2 address. The bridge simply forwards
> to the original layer 2 address.

This _can_ work if you've assigned an IP address to the front of your bridge. I've set up a hybrid bridge/router box where the 2nd leg is a NAT'd LAN and the 3rd leg is a bridged DMZ. All traffic on ($ext_if) port "whatever" is redirected to a server on the DMZ. Of course, this is not a true layer-2 bridge for that traffic, but it can be done.

But no, unless your firewall/router has a reason to handle the packet at layer-3 (besides filtering), you can't redirect. You'll need an IP on xl1 to do what you propose.

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net
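
The forwarding behaviour discussed in this thread, as an added example that is not part of the original messages or any poster's configuration: a simplified Python model of a redirect applied on a pure bridge versus on a box that owns an IP address and handles the packet at layer 3. All addresses, the MAC labels (`fw:xl1`, `mac:orig`, `mac:dmz`) and the function names are constructed for illustration.

```python
# Simplified model (constructed addresses): a redirect rewrites only the IP
# destination; whether the frame reaches the new host depends on a new L2 lookup.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:
    dst_mac: str
    dst_ip: str

# Constructed sample hosts: IP -> MAC, standing in for ARP resolution.
ARP = {
    "192.0.2.1": "fw:xl1",     # address assigned to the firewall itself
    "192.0.2.10": "mac:orig",  # host the client originally addressed
    "192.0.2.20": "mac:dmz",   # server that should receive redirected traffic
}
# Constructed redirect table: original destination IP -> new destination IP.
RDR = {"192.0.2.10": "192.0.2.20", "192.0.2.1": "192.0.2.20"}

def rdr(frame):
    """Rewrite only the layer-3 destination, as a redirect rule does."""
    return replace(frame, dst_ip=RDR.get(frame.dst_ip, frame.dst_ip))

def pure_bridge(frame):
    """Layer-2 path: the IP is rewritten but the frame keeps its original MAC,
    because no routing decision and no ARP lookup take place."""
    return rdr(frame)

def routed(frame, own_macs=("fw:xl1",)):
    """Layer-3 path: a frame addressed to the box's own MAC is taken up the
    stack, redirected, and re-addressed at layer 2 for the new destination."""
    if frame.dst_mac not in own_macs:
        return pure_bridge(frame)  # not addressed to us: plain bridging
    out = rdr(frame)
    return replace(out, dst_mac=ARP[out.dst_ip])

def delivered(frame):
    """The packet is usable only if the frame's MAC and IP name the same host."""
    return ARP.get(frame.dst_ip) == frame.dst_mac

if __name__ == "__main__":
    for label, f in [("bridge", pure_bridge(Frame("mac:orig", "192.0.2.10"))),
                     ("routed", routed(Frame("fw:xl1", "192.0.2.1")))]:
        print(label, f, "delivered" if delivered(f) else "lost")
```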