 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Questions Using Proxy ARP for DMZ
 Date:  Sun, 8 Feb 2004 14:12:56 +0100
On Sun, Feb 08, 2004 at 12:43:25PM +0100, Manuel Kasper wrote:
> So how do you get m0n0wall to send those packets to your DMZ interface 
> anyway? The answer is with 1:1 NAT!

Not really. Routing is the point. But as NAT seems to be performed before
routing in FreeBSD+ipfilter, the packets are sent to the interface that the
NATed addresses belong to.

> 
> It's only there to replace the automatic IP aliasing on WAN that we used 
> to have before pb27.
Manuel, why is there the restriction to the WAN interface? Why any
restriction to interfaces and IP addresses anyway? A simple 'arp -s
hostname hw_addr pub' has no such restriction. What I would like to
see is a table hostname|hw_addr|description, so that I can define for
myself what MAC address to use (needed for VRRP, for example).

Ciao ...
	... PIT ...

---------------------------------------------------------------------------
 copyleft(c) by |   _-_     Let's call it an accidental feature.
 Peter Allgeyer | 0(o_o)0   --Larry Wall
---------------oOO--(_)--OOo-----------------------------------------------