Proper subnetting and a correctly configured DNS is really the answer here. Yes you can use proxy arp, but I would suggest that if this user is having trouble with the simple set up he has and has not noticed that the ip addresses are set up incorrectly then is suspect there would be further trouble setting up proxy arp. Simply set up a rfc 1918 address range (192.168.1.* ) and mask it or use a second one on the other nic. This is not only best practice it is far simpler to configure for a new user. Also consider using the yast config for the firewall. This is simple enough for the settings he needs Brett Stevens On 25/5/04 23:18, "Thomas Seliger" <CRJLJAKTJORB@spammotel.com> wrote:
Hi,
I use a similar setup at work to split a range of 64 ip adresses into multiple demilitarized zones. I did not choose to use subnetting, as i wanted to move hosts easily between DMZs without changing their IP-Address. The setting you want is possible if you use a technique called "proxy arp".
I also suggest you use the shoreline firewall script to setup your firewalling and routing, instead of the SuSEfirewall script. It is easy to setup, even for complex settings (i dont want to start a flamewar, but shorewall is much more suited for complicated settings than SuSEfirewall IMHO). You can configure proxy arp very easily there.
Get shorewalll and shorewall tutorial from
In any case, i suggest you read the following about proxy arp:
http://www.sjdjweis.com/linux/proxyarp/ http://lartc.org/howto/lartc.bridging.proxy-arp.html
The second has an example, it should be easy to customize it to your needs.
peace, Tom
David Livingston wrote:
Internet | | eth0 (1.1.1.1) | FireWall---eth1 (1.1.1.2) | | Webserver (1.1.1.3)