
18 Jul 2001 07:43
"gabriel.rivera" wrote:
> One thing I forgot:
> It actually doesn't work if the internal interface has a real address on the same subnet as the external firewall interface and the internal hosts!! So much for the subject heading :[

I think it should work with real IPs on both NICs, too. Suppose your "protected" machines are connected to eth1, then, after setting up the ARPs and Routes as you described, an

    echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

should do. Now the firewall should do proxy arp for all machines it can reach via eth0.

Greets,
Soeren Eyhusen.