Topic: DMZ with public IPs on DMZ hosts
« on: July 23, 2009, 08:20:30 »
wolfyrabbit *
Posts: 2

Hi All,

I want to achieve the following:

* Assign public IPs to hosts in the DMZ
* Each host to be on an isolated network, aka VLAN or physical interface

From the following post (http://forum.m0n0.ch/index.php/topic,753.0.html) I believe this can be done, assigning a public IP/range to the DMZ interface and thereafter assigning a single host in the DMZ network a public IP.

It would look like this:

internet<--->wanip<-->dmz public ip<-->dmz host

So for traffic to reach the internet from the DMZ host it would have to go through its gateway (DMZ interface) then to the WAN gateway.

The reason I am after this particular solution is that you can only have two interfaces in a bridge pair and therefore can't have 5 public IP DMZ hosts on eth0 and 5 public IP DMZ hosts on eth1.

Any help would be appreciated

Hilton.
« Reply #1 on: July 23, 2009, 11:07:56 »
markb ****
Posts: 331

Another way to go might be to set up multiple VLANs in the DMZ to give the isolation, then use Proxy ARP to assign the public IP addresses to the WAN interface and set up the Server NAT and inbound/1:1 NAT & rules to pass the desired traffic to and from the servers.
« Reply #2 on: July 24, 2009, 01:05:34 »
wolfyrabbit *
Posts: 2

Thanks for the reply. If I did it that way then I couldn't give the hosts a public IP. One of the hosts is another monowall that needs to terminate an IPsec VPN, so I don't want to use NAT. Do you think my suggested solution will work (aside from it halving my available IP addresses)?

H
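
The addressing cost of the routed layout discussed in this thread, as an added example that is not part of any poster's message: it carves one subnet per isolated DMZ host out of a public block and reports the gateway (the firewall's DMZ/VLAN interface) and host address for each. The 203.0.113.0/28 block and the host names are constructed, and sizing each segment as a /30 is an assumption.

```python
import ipaddress


def plan_routed_dmz(block, hosts, prefix=30):
    """Assign each isolated DMZ host its own routed subnet from a public block.

    Assumption: one /30 per host, the first usable address going to the
    firewall's DMZ/VLAN interface (the host's gateway), the second to the host.
    """
    net = ipaddress.ip_network(block)
    subnets = net.subnets(new_prefix=prefix)
    plan = []
    for name in hosts:
        try:
            sub = next(subnets)
        except StopIteration:
            raise ValueError(f"{block} has no /{prefix} left for {name}")
        usable = list(sub.hosts())
        plan.append({
            "host": name,
            "subnet": str(sub),
            "netmask": str(sub.netmask),
            "gateway": str(usable[0]),   # firewall interface on this segment
            "host_ip": str(usable[1]),   # public IP configured on the DMZ host
        })
    return plan


def address_cost(plan, prefix=30):
    """Return (public addresses consumed, hosts served) for the plan."""
    return len(plan) * 2 ** (32 - prefix), len(plan)


if __name__ == "__main__":
    # Constructed sample: documentation range and made-up host names.
    sample = plan_routed_dmz("203.0.113.0/28", ["web", "mail", "vpn-monowall"])
    for row in sample:
        print(row)
    used, served = address_cost(sample)
    print(f"{used} public addresses consumed for {served} hosts")
```

Because each segment is routed rather than bridged or NATed, the firewall rules on each DMZ/VLAN interface decide what that one host can reach, and the host keeps its public address end to end.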
 