What I am interested to know, however, is whether multiple external interfaces can be used,
e.g. eth0 has.valid.ip.add, eth0:1 has.valid.ip.add2, eth0:2 has.valid.ip.add3
eth1 192.168.0.1 eth2 10.0.0.1
eth0 (and sub ints) is external eth1 is DMZ eth2 is internal
If I have 2 web servers internally and don't want to set up reverse proxy on squid (some people don't like this because of their server logging)
and want to be able to forward NAT'd connections to two servers in the DMZ,
can I use eth0:1's IP for server1 and eth0:2's IP for server2 and set up my forward rules based on what address was requested (as you know, I use SuSEfirewall2)?
doing this will be no problem.
My concern is: will the return traffic be NAT'd out the virtual interface that the connection came through?
I'm pretty sure. Put all the external interfaces (eth0:(1-3)) in the appropriate section of your config file. Even if not, you could enforce it by using some SNAT rules depending on the internal servers (IPs|MACs).
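
The per-address forwarding and the SNAT fallback discussed above, written as plain iptables rules (an added example, not part of the original thread and not SuSEfirewall2's own configuration syntax). Replies on a DNAT'd connection are translated back by connection tracking to the external address the client used; the SNAT rule covers connections the server itself initiates. The external addresses (RFC 5737 documentation range), the DMZ server addresses and port 80 are assumptions, and the script only prints the commands.

```shell
#!/bin/sh
# Dry-run generator: prints iptables commands, changes nothing.
# All addresses are constructed: external IPs from the RFC 5737
# documentation range, DMZ servers assumed in 192.168.0.0/24 behind eth1.
EXT_IF=eth0   # eth0:1, eth0:2 are extra addresses on eth0, not separate devices

# One line per published server: <external IP> <DMZ server IP> (assumed values)
MAPPINGS="203.0.113.11 192.168.0.11
203.0.113.12 192.168.0.12"

nat_rules() {
    ext_ip=$1
    dmz_ip=$2
    # Inbound: pick the server by the address the client requested.
    # Match on -d, not on an alias label: netfilter only sees eth0.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext_ip -p tcp --dport 80 -j DNAT --to-destination $dmz_ip:80"
    # Outbound connections started by the server leave with the same
    # external address it is published under.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $dmz_ip -j SNAT --to-source $ext_ip"
}

all_rules() {
    echo "$MAPPINGS" | while read -r ext_ip dmz_ip; do
        nat_rules "$ext_ip" "$dmz_ip"
    done
}

all_rules
```

Review the printed rules before applying them as root, and add matching FORWARD accept rules if the filter policy is DROP.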