> > I've got a couple addresses that I'd like to NAT to boxes on the DMZ
> > interface. However, it looks like you can only assign 1 address to
I never understood the DMZ myself. I seem to have missed the point that
one could want to do NAT on it.
> I believe you want to use an IP alias.? Head to the
I'm realy having difficulties with this concept of NATting the DMZ.
I want to be able to place servers behind m0n0wall (in the DMZ) without
doing too much reconfiguration on the servers themselves.
| | | |
serv1 serv2 pc1 pc2 etc.
| | |
+---+---+ pc1 pc2 etc.
So why not do proxy ARP for boxes in the DMZ on the WAN interface (and for
the WAN router on the DMZ interface)? In that way, routing WAN-DMZ traffic
is cleaner (without state tables on m0n0wall), and the DMZ boxes will
still have the right idea about their own IP address. Only difference now
is a firewall in between (which is exactly what we want).