Jason, thanks for the helpful reply.

>Ok, your ISP is sending you 123.45.67.90? You'll have to publish an ARP for
>that address on the external LAN. That is, suppose the MAC of eth1 is
>DE:AD:BE:EF:00:00, you'll need to "arp -s 123.45.67.90 DE:AD:BE:EF:00:00 pub".
>That's on your firewall, obviously.

Yes, my ISP is sending me .90. That's why I specifically wrote:

>: Assume that my ISP will route all traffic for the two static external IPs
>: 123.45.67.89 and 123.45.67.90 to me.

But from my original question - if I'm only ever going to have one DMZ
machine (not a whole network) hanging off the firewall, instead of
publishing an ARP for the MAC address of the DMZ, could I just set the eth2
address to the _external_ IP, and choose a dummy address in the same
123.45.67.xxx network for the server itself? In other words:

 /^^\  (xDSL) 123.45.67.89 ------------------
/net/<-------------------->|eth1            |
 \__/                      |    firewall    |
               192.168.0.1 |eth0        eth2| 123.45.67.90
                           ------------------
----------------      ___    |            |
| good     eth0| <---|hub|----           \|/
| internal net |      ---        ------------------
|192.168.0.xxx |       |         |   eth0 DMZ     |
----------------      \|/        | ftp/webserver  |
                      etc.       | 123.45.67.254  |
                                 ------------------

Would this eliminate needing to set up static routing, etc?

thanks /David/

PS: To reiterate Leonard's plea: People on the list are getting REALLY
sloppy about killing quoted material in their replies. Those of us who read
via digest (rather than individual messages) are severely impacted by this
laziness. Most digests lately are 35k in size, of which about 5k is
headers, 25k is useless quoting, and only 5k is real information. Please
USE THE DELETE KEY. Thanks.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list