On 14.09.05 08:22 +0300, Roman Yashin wrote:
> Based on what I read in the docs and some of Manuel's posts to the
> list, seems like having a routable subnet for DMZ is NOT a good
> idea, or am I missing something here?
What? I don't think I ever said that. Using public IP addresses
directly on the DMZ network (which I assume is what you mean) is
indeed the best solution, as then you don't have to mess with NAT,
bridging or proxy ARP and its peculiarities. But often people don't
have enough public IP addresses to do this.
- Manuel