 From:  bmah at acm dot org (Bruce A. Mah)
 To:  Thomas Biedorf <tom at startmovie dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How to route "real" IPs from WAN to DMZ?
 Date:  Tue, 22 Jul 2003 06:32:41 -0700
If memory serves me right, Thomas Biedorf wrote:

> What I don't get is: The ISP router serves all IPs to m0n0wall. Why 
> can't m0n0wall decide where to route the remaining IPs (since m0n0wall 
> needs two of them)? Would it work if I define the m0n0wall IP of the 
> DMZ on our servers as a gateway?
> Maybe there are some more ideas out there? Ok, I am not really an 
> IP-guru, please forgive my ignorance!

Another way to do this is to bridge your DMZ interface to your WAN
interface.  Just set your WAN interface to the netblock assigned to you
and set the DMZ interface to be bridged to the WAN interface.  I'm
actually running like this right now.

One potential disadvantage to doing this is that, as written, m0n0wall
can't apply any firewall rules to bridged traffic.  I have some patches
for fixing this problem.  This allows you to use m0n0wall as a stateful,
filtering bridge.  I'll try to write these up later today.