Based on what I read in the docs and some of Manuel's posts to the list, it seems like having a routable subnet for DMZ is NOT a good idea, or am I missing something here? I wonder what the theory behind this is. Why is using proxy ARP or bridging better/cleaner? There are LAN <> DMZ issues for bridged interfaces, and I always thought that proxy ARP should be used as a last resort. I have been using split subnets (routable IPs for DMZ) for a few years with a custom FreeBSD+IPFilter+NAT box, and didn't really have any problems. Can anyone enlighten me on this?

Cheers,
Roman