LAN-WAN-DMZ with public IP addresses setup

From:	GC <gc at giecie dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	LAN-WAN-DMZ with public IP addresses setup
Date:	Tue, 05 Oct 2004 14:20:17 +0200

Hi,

I try to configure a monowall and need to keep my public IP addresses as 
they are.

WAN setup:
ISP range: x.x.x.x.168/29
WAN:x.x.x.172/29
ISP gateway: x.x.x.174/29

Machines in DMZ have a public IP address;
www1 & FTP x.x.x.169
www2 & FTP x.x.x.170
www3 & FTP x.x.x.171

LAN;
192.168.12.0/24
192.168.12.1 NAT x.x.x.173 Mailserver/fileserver

Put a 1:1 NAT for the mailserver works fine.
I don't have access on the DMZ machines form the LAN nor WAN.

I do allow:
WAN: *.DMZ net *.*
DMZ: *.* DMZ net.*

I've tried several configuration on the monowall but get only the LAN 
workstations accessible to the internet, but not my own www servers in DMZ.

Do I need to bridge DMZ with the WAN and 'enable filtering bridge' and 
enable advanced outbound nat?
Looking to the archives I see a lot of references to 'proxy arp'.

What's the right procedure, step by step, to get this setup running? I'm 
lost here...

Geert