Hi, Still have some problems with multiple IP addresses. I''m thinking of change one-to-one NAT to ProxyARP, but I have one question: My Internal network is 192.168.1.1-192.168.1.x and my public addresses are eg. 1.2.3.1 - 1.2.3.4 Firewall machine has two interfaces eth0 is internal network and has address 192.168.1.1 and eth1 has address 1.2.3.1 I have three servers, two Linux servers (one firewall machine, one server behind one-to-one NAT and one Windows server running under VMWare Server). I also has Samba running on firewall machine. I like to have Windows server behind ProxyARP and if it has external address like 1.2.3.4 is it possible to use Windows File Sharing because other internal machines has internal network addresses and Windows Server has external addresses and is using ProxyARP? I''m not so experienced to configure bind to use views, so proxyarp sounds much better. Some hints or tips? ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Ville Virtanen wrote:> Hi, > > Still have some problems with multiple IP addresses. I''m thinking of > change one-to-one NAT to ProxyARP: >Don''t do it. Using Proxy ARP on a set of systems on a local LAN with other systems having RFC 1918 addresses is very tricky to get right. And it''s a bad idea, in my opinion. Carefully follow Shorewall FAQ 2a and you should be able to get one-to-one NAT working. And if you can''t, if you submit a problem report as described at http://www.shorewall.net/support.htm#Guidelines, we will try to get it working for you.> I''m not so experienced to configure bind to use views, so proxyarp sounds > much better.Bind views are a much better solution. But frankly, the idea of having a bunch of internet-accessible servers on the same LAN as Windows boxes scares me to death. My best recommendation would be to put your servers on a separate LAN segment. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep escribió:> But frankly, the idea of having a bunch > of internet-accessible servers on the same LAN as Windows boxes scares me to > death. My best recommendation would be to put your servers on a separate LAN > segment. >yeah. in case you don''t follow this advice, tell us were to send the flowers and the condolences please ;P what u are doing is a very, very bad idea.. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV