On Fri, Mar 7, 2008 at 12:53 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > > hmmmmm, maybe i misunderstanding the concept of a bridge, but from > > what i read you can assign an IP to $ext_if, and bridge (and filter > > off course) the $dmz_if to $ext_if ? where is the extra IP wasted? > > Because you still need to use one of the public addresses as a > gateway for the other machines. If you bridge it goes on the router, > if you route it goes on the firewall. (since you say you are NATting > for another subnet, you obviously already need to have a public > address on the firewall to NAT to).
no NAT in DMZ :-) (at least that is the plan) if the DMZ is bridged to $ext_if, won't it use the same gateway as my router? -- error: one bad user found in front of screen
