In message <44513F74 dot 1020601 at febo dot com>, John Ackermann N8UR
<jra at febo dot com> writes
>Neil A. Hillard said the following on 04/27/2006 05:46 PM:
>> You can't have multiple interfaces with the same IP address.
>That's too bad; it's been a useful trick in several networks I've been
I've never had cause to use that. I can't think of why I'd need it
instead of a bridged interface (unless you wanted multiple interfaces
>> If you're thinking that there's a problem accessing devices on an
>> interface that is bridge with WAN then there really isn't a problem.
>> The documentation states that you cannot access devices on the bridged
>> interface from a _NAT'd_ interface. Simply enable advanced outbound NAT
>> and ensure that LAN -> OPT traffic isn't NAT'd but LAN -> WAN is and
>> you'll be laughing.
>Thanks for clarifying that. I guess the remaining downside is that the
>DMZ doesn't get the benefit of any firewalling, but I suppose I can do
>that locally on the servers (which are all Linux or FreeBSD).
There isn't a downside! Just go into the 'Advanced' menu and check
'Enable filtering bridge'. Then add the necessary rules. I wouldn't
dream of giving the world access to my SIP server :-)
Neil A. Hillard E-Mail: m0n0 at dana dot org dot uk