Re: DHCP and aliases

2005-06-29 Thread Michael . Dillon

> I am using a FreeBSD 4.11 IPFW firewall on an ADSL connection.

> Is there a better way to allow this internal machine to have its own IP but
> still be firewalled? But then if I am doing this, am I really firewalling
> anything anyway if all of the ports are redirected to the internal machine
> anyway?

More specifics on getting an answer to your support issue are on
http://www.freebsd.org/support.html

under the heading "Mailing Lists".




Re: DHCP and aliases

2005-06-28 Thread Matthew D. Fuller

On Tue, Jun 28, 2005 at 12:24:42PM -0700 I heard the voice of
Eric Frazier, and lo! it spake thus:
> 
> But can I do this without setting up another nic? So is it possible
> to use DHCP to get an IP alias?

I don't think it is (I tried it a while back).  I've heard there are
some tricks you can do to sweet-talk it, but I don't know them.  You
could try manually adding the alias to it after DHCP brings up the
main address, maybe.  But that leads into the NAT-or-not below...


> Is there a better way to allow this internal machine to have its own
> IP but still be firewalled?

Well, you can NAT it, or you can give it the address and route it.  If
you route it, you can either do it by having your upstream route that
address through your firewall box explicitly, or you can proxy ARP it
(this all assumes, of course, that the upstream has already allocated
you the IP; otherwise it's academic).

I tend to prefer routing the address over NAT where possible; I've had
to do too much fiddling with boxes that were addressed by a number
they didn't really know was them.  You can firewall the packets
passing through the machine whether or not you NAT.  And for a simple
setup like this, doing a proxy ARP would probably be easier than
trying to get the upstream routing table right.


-- 
Matthew Fuller (MF4839)   |  [EMAIL PROTECTED]
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
   On the Internet, nobody can hear you scream.