On Thu, Mar 6, 2008 at 1:39 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > > On 2008-03-05, Stuart Henderson <[EMAIL PROTECTED]> wrote: > > On 2008-03-05, Jussi Peltola <[EMAIL PROTECTED]> wrote: > >> On Wed, Mar 05, 2008 at 11:28:16AM +0000, Stuart Henderson wrote: > >>> There are ways, but they're hacks, and harder to get right than NAT or > >>> asking for another address. (And if you're already using NAT, you'll be > >>> renumbering the end hosts anyway, so moving block shouldn't be all that > >>> painful). > >> > >> Couldn't you bridge the DMZ? Not as simple, but not a hack either. > > > > Ah, how could I forget about that! (probably repressed from trying > > to combine it with rdr before and getting very confused :-) > > Oh, hang on. But then the IP address you were giving the firewall has > to be given to the router instead, so this doesn't gain you anything. > >
hmmmmm, maybe i misunderstanding the concept of a bridge, but from what i read you can assign an IP to $ext_if, and bridge (and filter off course) the $dmz_if to $ext_if ? where is the extra IP wasted? -- error: one bad user found in front of screen
