I'm replacing a firewall/router based on the Linux Router Project with a
Soekris 4801 and am considering using m0n0wall; overall it looks like a
very good product.

I'm trying to understand if I can replicate my current DMZ structure
with m0n0wall. I've looked at the FAQ and neither the DMZ-using-NAT nor
DMZ-using-bridging options really meet my needs (because I've recently
had trouble using NAT to an internal NTP server, and I need my local
network to be able to reach the DMZ -- those requirements seem to rule
out the two DMZ examples in the FAQ).

My current architecture uses NAT for the internal network, but simple IP
routing for the DMZ, passing through the ipfilter. Also, I use the same
IP address for the WAN and the DMZ interfaces on the firewall box (i.e.,
my provider gives me a block of five static addresses; the bottom one is
picked off for the firewall/router, with the other four passed on to the

In other words: eth0 is the WAN, with address xx.xx.xx.238; eth1 is the
DMZ, also using address xx.xx.xx.238; eth2 is the LAN, using NAT and
address 192.168.x.x. Traffic for addresses xx.xx.xx.239-.242 goes
through the packet filter and out the DMZ port.

Can m0n0wall: (a) use the same IP address on both the WAN and DMZ
interface, and (b) do simple routing and firewalling between WAN and DMZ
without NAT or bridging?