On Tue, 2004-05-18 at 16:48, Daniel Chemko wrote: > Ok, one more thing: > > Is the address 10.73.219.156 the only IP address on the external > interface of the server1? > > If you don't bind the 10.73.219.156 IP address to the ethernet interface > on server1, then hosts on that network won't be able to find the server > even with the prerouting rule. You could solve this by Proxy-arp or just > simply adding another IP address to the outside interface. > > This may be redundant, but I don't believe the external interface's been > discussed at all as a possible issue. I believe that is the only address bound to the external interface. The entire unusual premise is that is the only address available. There is already a web server at that address listening on port 80 and the user wants to give users access to a different web server. Since he only has the one IP address, he is sending traffic for the second web server to port 8080 and then DNATting that traffic to the other web server on port 80. -- John A. Sullivan III Chief Technology Officer Nexus Management +1 207-985-7880 john.sullivan@xxxxxxxxxxxxx --- If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net
