 
 From:  John Ackermann N8UR <jra at febo dot com>
 To:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Routing to DMZ without bridging or NAT
 Date:  Thu, 27 Apr 2006 18:02:28 -0400
Neil A. Hillard said the following on 04/27/2006 05:46 PM:

> You can't have multiple interfaces with the same IP address.

That's too bad; it's been a useful trick in several networks I've been
involved with.

> If you're thinking that there's a problem accessing devices on an
> interface that is bridged with WAN then there really isn't a problem.
> 
> The documentation states that you cannot access devices on the bridged
> interface from a _NAT'd_ interface.  Simply enable advanced outbound NAT
> and ensure that LAN -> OPT traffic isn't NAT'd but LAN -> WAN is and
> you'll be laughing.

Thanks for clarifying that.  I guess the remaining downside is that the
DMZ doesn't get the benefit of any firewalling, but I suppose I can do
that locally on the servers (which are all Linux or FreeBSD).

Thanks,

John

> I'm using that exact setup on my m0n0wall (and have been for over a
> year).  I have a SIP server on OPT1 and it's set up like this because of
> NAT issues with SIP.  Now my SIP traffic isn't subject to NAT.
> 
> HTH,
> 
> 
>                                 Neil.
>
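The advanced-outbound-NAT arrangement Neil describes (LAN -> OPT traffic left untranslated, LAN -> WAN masqueraded) can be modelled to see why rule order matters and why the default setup breaks access to hosts on the bridged interface. The following is an added example, not m0n0wall's own code or configuration format: m0n0wall itself builds IPFilter ipnat rules from its config, whereas this script is a small first-match simulator of outbound NAT on the WAN interface. All addresses are constructed for illustration: LAN is 192.168.1.0/24, the WAN address is 203.0.113.5, and the bridged OPT1 (DMZ) hosts sit in the WAN subnet 203.0.113.0/24.

```python
"""Toy first-match model of outbound NAT on a firewall's WAN interface.

Added example, not code from m0n0wall or from the list thread.
Assumed (constructed) addressing:
  LAN           192.168.1.0/24
  WAN address   203.0.113.5
  DMZ (OPT1)    bridged to WAN, hosts in 203.0.113.0/24
Because OPT1 is bridged with WAN, LAN traffic to a DMZ host leaves through
the WAN interface and is subject to the same outbound NAT rules as traffic
to the Internet.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional

LAN_NET = ip_network("192.168.1.0/24")
DMZ_NET = ip_network("203.0.113.0/24")      # bridged OPT1 shares WAN's subnet
WAN_IP = ip_address("203.0.113.5")


@dataclass(frozen=True)
class NatRule:
    """One outbound NAT rule evaluated on packets leaving WAN."""
    source: IPv4Network
    destination: Optional[IPv4Network]      # None means "any destination"
    translate_to: Optional[IPv4Address]     # None means "no NAT" (pass unchanged)

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.source and (
            self.destination is None or dst in self.destination
        )


def outbound_nat(src: str, dst: str, rules: List[NatRule]) -> str:
    """Return the source address a packet carries after the first matching rule."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return str(rule.translate_to) if rule.translate_to is not None else str(s)
    return str(s)   # no rule matched: packet leaves untranslated


def shadowed_rules(rules: List[NatRule]) -> List[int]:
    """Indices of rules that can never match because an earlier rule covers them.

    A more specific "no NAT" exemption placed after a catch-all masquerade rule
    is the classic mistake; this check flags it.
    """
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            src_covered = later.source.subnet_of(earlier.source)
            dst_covered = earlier.destination is None or (
                later.destination is not None
                and later.destination.subnet_of(earlier.destination)
            )
            if src_covered and dst_covered:
                shadowed.append(j)
                break
    return shadowed


# Default (automatic) outbound NAT: everything from LAN leaving WAN is
# masqueraded, including traffic bound for the bridged DMZ.
DEFAULT_RULES = [NatRule(LAN_NET, None, WAN_IP)]

# Advanced outbound NAT: exempt LAN -> DMZ first, then masquerade the rest.
ADVANCED_RULES = [
    NatRule(LAN_NET, DMZ_NET, None),
    NatRule(LAN_NET, None, WAN_IP),
]

# Same two rules in the wrong order: the exemption is unreachable.
MISORDERED_RULES = list(reversed(ADVANCED_RULES))


def demo() -> dict:
    """Constructed LAN host 192.168.1.10 talking to a DMZ SIP server and to the Internet."""
    lan_host, dmz_sip, internet_host = "192.168.1.10", "203.0.113.20", "198.51.100.7"
    return {
        "default_to_dmz": outbound_nat(lan_host, dmz_sip, DEFAULT_RULES),
        "advanced_to_dmz": outbound_nat(lan_host, dmz_sip, ADVANCED_RULES),
        "advanced_to_internet": outbound_nat(lan_host, internet_host, ADVANCED_RULES),
        "misordered_to_dmz": outbound_nat(lan_host, dmz_sip, MISORDERED_RULES),
        "misordered_shadowed": shadowed_rules(MISORDERED_RULES),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the default rule set the LAN host reaches the DMZ SIP server as 203.0.113.5, so the server sees the firewall's WAN address (and, for SIP, embeds it in its signalling); with the exemption rule listed first it sees 192.168.1.10, while Internet-bound traffic is still masqueraded. `shadowed_rules` reports the exemption as unreachable when it is placed after the catch-all, which is the check worth running before trusting a rule set in a web UI where order is easy to get wrong. Note that this models only translation: as the reply above points out, hosts on the bridged interface still get no filtering from the firewall and must be protected locally.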