 From:  "Kasper Pedersen" <m0n0list dash kkp at kasperkp dot dk>
 To:  <vbroady at superior dash tel dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Non-Nat DMZ
 Date:  Sat, 14 May 2005 18:59:39 +0200
----- Original Message ----- 
From: "Vance Broady / Superior Tel" <vbroady at superior dash tel dot com>
> I need to set up a non-nat DMZ.  A static WAN IP to an internal network
> (same) static IP.  Even a 1:1 nat will not work.  No translations of IP
> addresses can happen.  This is for a Linux-based communications server.

There are two ways to achieve this, and you probably won't like either of 

The first is to get a routed /30 or larger assigned and use ordinary routing 
to/from the network you dub your DMZ. The upside is that it's the pure way 
to do this, and it'll work. Always. The downside is that you need more 
routable addresses.

If you're really short on routable addresses and can't get a routed network, 
that leaves the filtering bridge option. Bridge the WAN and DMZ interfaces, 
and enable filtering bridge. Not pretty, but it solves the problem of 
getting VPN servers to work.