Neil A. Hillard said the following on 04/27/2006 06:10 PM:
>>>You can't have multiple interfaces with the same IP address.
>>That's too bad; it's been a useful trick in several networks I've been
> I've never had cause to use that. I can't think of why I'd need it
> instead of a bridged interface (unless you wanted multiple interfaces
It comes down to having a featureful bridge that can do filtering. If
you don't have that, and you have a limited number of publically visible
IPs (for example, my block of five), using one address on both the WAN
and DMZ interfaces leaves one more to use for a machine on the DMZ.
> There isn't a downside! Just go into the 'Advanced' menu and check
> 'Enable filtering bridge'. Then add the necessary rules. I wouldn't
> dream of giving the world access to my SIP server :-)
OK, even better.
Just to explain where I was coming from, to implement this with Linux
Router Project, I had NAT between LAN and WAN, plain old routing between
WAN and DMZ, and proxy ARP to advertise the DMZ machines out to the
Roadrunner-provided cable router that sat in front of the LRP machine.
If I can accomplish the same thing more simply, so much the better.
Thanks for the clarifications!