D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: patbuck on December 29, 2010, 07:13:12 AM

Title: Dual DMZ IP ranges
Post by: patbuck on December 29, 2010, 07:13:12 AM: I have been assigned a new wider range of static IP addresses and would like to migrate my servers on the DMZ from old addresses to new ones over time. The current address range will stop working eventually and by then all servers must be migrated to the new range. I was planning on setting up the new IP range in parallel to the current and add SAT rules from old addresses to new addresses for each migrated server during a shorter period in case someone tries to reach a migrated server by it's old IP.

How do I set up two IP ranges for the DMZ? I think I have it mostly done (perhaps not in the most optimal way though), apart from having the lowest address in the new range to do routing.

Cheers,
Patrik
Title: Re: Dual DMZ IP ranges
Post by: patbuck on December 29, 2010, 07:36:49 PM: Since nobody came up with an answer in a timely fashion, I had to go RTFM ;D

The solution was to ARP-publish the second IP on the DMZ interface with a 00-00-00-00-00-00 MAC (which seems to be undocumented shorthand for the actual MAC of the interface).

Happy new year!
/Patrik

SMF 2.0.13 | SMF © 2016, Simple Machines