Hi *,

Brett Stevens wrote:
Simply set up an RFC 1918 address range (192.168.1.*) and mask it or use a second one on the other NIC. This is not only best practice, it is far simpler to configure for a new user.
Internet
   |
   | eth0 (1.1.1.1)
   |
FireWall---eth1 (1.1.1.2)
   |
   |
Webserver (1.1.1.3)
I think Brett is right, I misread your config. Somehow I saw 3 interfaces in your config. Putting an RFC 1918 subnet behind eth1 and masquerading / port forwarding traffic would be a solution.

Proxy ARP only makes sense in your setting, for example: if you are in, let's say, a class C network and got no central firewall. If you want to secure computers with various IP addresses (not a subnet) and have no possibility to put a central firewall in front of the network, then a proxy ARP firewall could be used to split off those hosts and put them in a DMZ. But Brett is right, that's kind of an advanced setting.

Perhaps you could provide us with more details (why you want the setup you described: no masquerading etc.)?

peace,
Tom