More firewall fun

[Joe Tseng]

I was recently informed my network setup was incorrect and I needed to use a dual-homed proxy server.  So now I'm reworking my setup where the outside network, firewall, proxy, and intranet are aligned serially.  I've got IP forwarding enabled on my firewall and disabled on the proxy.  When I try to ping or access a web server from behind the proxy I noticed on the proxy the iptables PREROUTING counter would tick upwards.  Is it the right thing to disable IP forwarding on the proxy?  If so, how can I get the packets through without mangling the destination IP?  Is there something else I'm completely missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20071211/0e0f004d/attachment-0001.htm>