From: Freddie Cash
To: Marek Salwerowicz
Cc: freebsd-net@freebsd.org
Date: Sat, 1 Oct 2011 13:02:43 -0700
Subject: Re: ipfw - accessing DMZ from LAN

On Oct 1, 2011 12:16 PM, "Marek Salwerowicz" wrote:
>
> On 2011-09-30 17:44, Freddie Cash wrote:
>
>> that's the correct behaviour, as the public IPs are physically assigned to
>> the interfaces on the router. Thus, connecting to the public IPs from the
>> router ... will connect to the router.
>>
>> You need to ping the private IPs from the router, since the router is
>> directly connected to the private networks.
>>
> And how about pinging from other DMZ host to DMZ host (both are in the same subnet)?
> Am I able to allow them to contact using public IPs?

No. They would have to connect using private IPs.

However, you could set up split-DNS or views and just configure everything to connect using hostnames. It's extra work to set up, but does make things easier down the road.

Freddie
fjwcash@gmail.com
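
The split-DNS approach suggested in the reply above, sketched as a BIND `named.conf` using views (an added example, not part of the original message). The choice of BIND, the zone name `example.org`, the LAN and DMZ subnets, the host addresses and the zone file names are all assumptions made for illustration.

```conf
// Assumed layout (not from the thread):
//   LAN 192.168.0.0/24, DMZ 192.168.1.0/24
//   DMZ web server: private 192.168.1.10, public 192.0.2.10
//   zone file paths are relative to the "directory" option

// Clients that should be handed private addresses.
acl "inside" {
    127.0.0.1;
    192.168.0.0/24;   // LAN
    192.168.1.0/24;   // DMZ
};

// Views are matched in order, so the restrictive one comes first.
view "internal" {
    match-clients { "inside"; };
    recursion yes;            // inside hosts may use this server as a resolver

    zone "example.org" {
        type master;
        // contains:  www  IN A  192.168.1.10
        file "master/example.org.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;             // do not act as an open resolver for the Internet

    zone "example.org" {
        type master;
        // contains:  www  IN A  192.0.2.10
        file "master/example.org.external";
    };
};

// Once any view is defined, every zone statement must live inside a view.
```

With this in place, LAN and DMZ hosts resolving `www.example.org` get the private address and reach the server directly, while outside clients get the public address. `named-checkconf` validates the file before a reload.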