I am currently interested in setting up a three-legged network topology, using OBSD+PF as the firewall appliance. Originally, I was going to simply have the firewall equipped with three network cards: one for DMZ, one for LAN, the other for EXT/WAN/Internet (whatever you call this). The idea was for a switch to be used on both DMZ and LAN, providing NAT on both segments. Pretty straightforward.
Recently, it has been suggested that a transparent firewall implementation is ideal where possible. But as far as I understand, transparency is only available when the firewall acts as a bridge between TWO networks. How would I keep my DMZ and LAN both while using a bridging firewall? Is it even possible?