On Mon, Jun 16, 2003 at 03:40:54PM +0200, Cedric Blancher wrote: > Le lun 16/06/2003 à 14:46, George Vieira a écrit : > > You don't need to put the External IPs on the eth0 device for the > > internal machines to be DNATed. What's the reason you have eth0:0 0:1 > > and 0:2? > > If you don't add IPs you want to DNAT to external interface, there won't > be anyone to answer ARP requests on them, You can do proxy-arp... However, you have to have a route to those IP's... Ramin > as Netfilter does not. So you > have to add them, using aliases (eth0:*) or iproute2 (ip addr add $IP > dev eth0). > > > -- > Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> > Consultant en sécurité des systèmes et réseaux - Cartel Sécurité > Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 > PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE >