If memory serves me right, adam at ruffdogs dot com wrote:
> I have a setup which I don't know if it's too unusual or not. We have 128 IPs
> on our WAN, let's call it x.x.x.0/25. We also have a 192.168.0/24 LAN. I'd
> like the WAN interface on the m0n0wall to be x.x.x.2, serving the NAT'd LAN
> behind that. My DMZ interface needs to be bridges with the LAN interface so we
> can firewall x.x.x.0/25 hosts behind the DMZ nic.
> This works fine, but traffic from/to x.x.x.2 (and the 192.168.0.0/24 NAT'd
> network behind it) does not make it to hosts behind the DMZ nic.
> Is this a known limitation or bug? Would a pf-based (ala OpenBSD or freebsd's
> port) firewall work for this?
This problem has been discussed at least once on the list fairly
recently. It's basically an odd interaction between bridging and
NAT-ing. I don't know of a solution, but if this was my network, I'd
have one m0n0wall box to do the filtering bridge functionality and
another to do the NAT-ing.