Based on what read in the docs and some of Manuel's posts to the list,
seems like having a routable subnet for DMZ is NOT a good idea, or am I
missing something here?
I wonder what is the theory behind this. Why using proxy ARP or
bridging is better/cleaner? There is LAN <> DMZ issues for bridged
interfaces, and I always thought that proxy ARP should be used as a
I have been using spilt subnets (routable IPs for DMZ) for a few years
with a custom FreeBSD+IPFilter+NAT box, and didn't really have any
Can anyone enlighten me on this?