On Wed, Feb 13, 2002 at 05:07:35PM +0100, Ard van Breemen wrote: > On Wed, Feb 13, 2002 at 11:00:35AM -0500, Adrian Chung wrote: [...] > > Is this for real? So you bind 127.0.0.1 to both eth0 and eth1, not > > using an ISP assigned IP at all on the bridging box, and you'd still > > be able to route from the ISP's network through to machines on the ISP > > assigned network? > Be careful however, you don't want to send icmp_host_unreachables with > source ip 127.0.0.1, I don't think they get far. > Anyway, 127.0.0.1 is as far as I know a special adres, also for the > kernel. I haven't experimented with that... > If you want to have any sane outgoing source ip addresses, you also > have to set the default source ip for the outgoing routes. True enough... However, in my case anyways, it's not an issue. I already have a box that's using an ISP assigned IP as a gateway, but using aspects of the above solutions, I can now have all my DMZ servers funnelled through the one machine. That means that traffic control/shaping and bandwidth monitoring should become real easy, as it means one access point into/out of the network, but still with IP assigned IPs on the DMZ machines. Sorry if this is not news to anyone else, it's an amazing revelation to me. :) -- Adrian Chung (adrian at enfusion-group dot com) http://www.enfusion-group.com/~adrian GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17 [toad.enfusion-group.com] up 2:24, 1 user, load average: 0.00
