[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Roman Yashin <romany at sseriga dot edu dot lv>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ, bridging or routable subnet?
 Date:  Wed, 14 Sep 2005 07:50:58 +0200
On 14.09.05 08:22 +0300, Roman Yashin wrote:

> Based on what read in the docs and some of Manuel's posts to the
> list, seems like having a routable subnet for DMZ is NOT a good
> idea, or am I missing something here?

What? I don't think I ever said that. Using public IP addresses
directly on the DMZ network (which I assume is what you mean) is
indeed the best solution, as then you don't have to mess with NAT,
bridging or proxy ARP and its peculiarities. But often people don't
have enough public IP addresses to do this.

- Manuel