You also talked about a LAN network which uses NAT, which is OK.

"right now we have a linux router with which has an 3 IF's uplink, 
dmz and lan, we don't like the way it does nat for both lan (which
is OK) and DMZ,"

ok, enough guessing about your network, please show the actual
layout (addresses/netmasks/default route/any static routes added)
if you need more help...


On 2008-03-07, Almir Karic <[EMAIL PROTECTED]> wrote:
> On Fri, Mar 7, 2008 at 12:53 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>>  > hmmmmm, maybe I'm misunderstanding the concept of a bridge, but from
>>  > what I read you can assign an IP to $ext_if, and bridge (and filter
>>  > of course) the $dmz_if to $ext_if? where is the extra IP wasted?
>>
>>  Because you still need to use one of the public addresses as a
>>  gateway for the other machines. If you bridge it goes on the router,
>>  if you route it goes on the firewall. (since you say you are NATting
>>  for another subnet, you obviously already need to have a public
>>  address on the firewall to NAT to).
>
>
> no NAT in DMZ :-) (at least that is the plan)
>
> if the DMZ is bridged to $ext_if, won't it use the same gateway as my router?
