followup on m0n0wall
Ben Scott
dragonhawk at gmail.com
Fri Feb 10 07:31:01 EST 2006
On 2/9/06, Bill McGonigle <bill at bfccomputing.com> wrote:
> This client has their DMZ IP's bridged to the WAN connection, so
> their servers have real IP addresses, not NAT'ed addresses. This
> is for historical reasons but it's so ingrained that short of their ISP
> and its netblocks going poof, it's never going to change ...
Can you switch to a routed configuration by using CIDR subnets
and/or NAT'ing the DMZ addresses (thereby eliminating the need to do
much, if any, IP reconfiguration)? Remember, NAT != RFC-1918. You
can NAT public IP space, too. (Granted, I dunno if FreeBSD supports
NAT'ing overlapping subnets, either, but maybe...).
-- Ben