Re: [m0n0wall] DMZ, bridging or routable subnet?

From:	Roman Yashin <romany at sseriga dot edu dot lv>
To:	Manuel Kasper <mk at neon1 dot net>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] DMZ, bridging or routable subnet?
Date:	Wed, 14 Sep 2005 09:01:06 +0300

Manuel,

I am sorry for the confusion. I guess it's just the way I've 
interpreted it. Thanks for clearing it up for me, and thank you for 
putting so much effort into m0n0wall.

Cheers,

Roman


On Sep 14, 2005, at 8:50 AM, Manuel Kasper wrote:

> On 14.09.05 08:22 +0300, Roman Yashin wrote:
>
>> Based on what read in the docs and some of Manuel's posts to the
>> list, seems like having a routable subnet for DMZ is NOT a good
>> idea, or am I missing something here?
>
> What? I don't think I ever said that. Using public IP addresses
> directly on the DMZ network (which I assume is what you mean) is
> indeed the best solution, as then you don't have to mess with NAT,
> bridging or proxy ARP and its peculiarities. But often people don't
> have enough public IP addresses to do this.
>
> - Manuel