On Tue, Jun 28, 2005 at 12:24:42PM -0700 I heard the voice of Eric Frazier, and lo! it spake thus:
> But can I do this without setting up another nic? So is it possible to use DHCP to get an IP alias?
I don't think it is (I tried it a while back). I've heard there are some tricks you can do to sweet-talk it, but I don't know them. You could try manually adding the alias to it after DHCP brings up the main address, maybe. But that leads into the NAT-or-not below...
> Is there a better way to allow this internal machine to have its own IP but still be firewalled?
Well, you can NAT it, or you can give it the address and route it. If you route it, you can either do it by having your upstream route that address through your firewall box explicitly, or you can proxy ARP it (this all assumes, of course, that the upstream has already allocated you the IP; otherwise it's academic).

I tend to prefer routing the address over NAT where possible; I've had to do too much fiddling with boxes that were addressed by a number they didn't really know was them. You can firewall the packets passing through the machine whether or not you NAT. And for a simple setup like this, doing a proxy ARP would probably be easier than trying to get the upstream routing table right.

-- 
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Systems/Network Administrator | http://www.over-yonder.net/~fullermd/
On the Internet, nobody can hear you scream.