Let's go back to the list.

> Does this actually work for you, because it doesn't work for 
> me. I've tried this. With this setup, not even my LAN can 
> reach the WAN IP. Monowall config looks like this:
> 
> WAN:
> x.x.x.242/29
> Gateway x.x.x.241
> 
> DMZ:
> x.x.x.249/29

Ok 

> From a DMZ machine I can't reach the WAN or the ISP gateway. 
> From the ISP Gateway I can't reach the WAN or anything on the 
> DMZ. What do your DMZ machines use as gateways (the WAN IP or 

The DMZ interface of m0n0wall.

> the ISP gateway IP)? How is your ISP routing traffic to your 
> /28 (or does your ISP route to each /29 differently)? I know 

All together, he doesn't know about my subnet.

> how to subnet - what I don't know is how to set up monowall 
> to move traffic through my WAN to the DMZ behind it.
> 

I've specified the DMZ server in 'Server NAT' and the /29 DMZ net 
in 'Proxy Arp'. Then apropriate rules WAN -> DMZ and some for 
DMZ -> WAN. 

@Brian:
I haven't special route for the DMZ, the routing daemon is handling
this. The settings above should be enough. I've a special route to 
a far LAN (behind another router), so I use 'Enable advanced outbound 
NAT', but this shouldn't care the DMZ.

Jürg