On 5/3/06, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
> I am doing Proxy ARP for the DMZ.
That's it, that's why. Your ISP should be routing that DMZ subnet to
your WAN IP, and hence proxy ARP is unnecessary, and breaks your
configuration because that makes all the DMZ IP's go to m0n0wall's WAN
interface instead of your DMZ.