[ previous ] [ next ] [ threads ]
 
 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  "M0n0wall (E-mail)" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Filtered Bridging Versus 1:1 NAT & DMZ
 Date:  Fri, 8 Dec 2006 10:16:22 +0000
Hi,

In message <26845D561256D3428A862700DAF69B581AEE75@AG-EX1>, Mark
Schoonover <schoon at amgt dot com> writes
>I've been tasked with setting up new mail,WWW and ftp servers. I do have
>enough public IPs for all my servers, but I want them to run behind M0n0. On
>the surface I understand the differences between a filtered bridge, and
>going 1:1 NAT to a DMZ. What's best?? Are there any benefits from one to the
>other?? Easier admin, or better network performance?

OK, you'll need to use 3 interfaces for a filtered bridge - LAN, WAN and
OPT1 whereas you could get away with two for 1:1 NAT and server NAT (I
believe).

A filtered bridge will allow you to access the servers on OPT1 from LAN
without having to override the DNS for LAN users.  I run my system that
way as I've been playing with SIP and it's much easier if you don't have
NAT involved.  You have to ensure that you have advanced NAT enabled and
_do not_ NAT traffic from LAN to OPT1.  I made some other posts on this
quite a while back - have a search on the mailing list for them.

My preference would be a filtered bridge as you say you have enough IP
addresses.

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk