Topic: LAN NAT and Public DMZ Not Working  (Read 1718 times)
« on: May 04, 2010, 21:37:21 »
remmy *
Posts: 3

I have a problem with NAT on my router (version 1.32 generic-pc)

The basic setup is this:

WAN: W.W.W.W/30
DMZ: D.D.D.D/29
LAN: L.L.L.L/24

My ISP routes D.D.D.D/29 through W.W.W.W.

I turned on Advanced Outbound NAT so the DMZ accesses the internet directly, and the LAN accesses the internet through NAT of W.W.W.W.  This works great.

I can access all DMZ servers on their public IPs.

NOW...

I also have a web server on L.L.L.L which I need to make public using NAT.

As soon as I add an Inbound NAT+Firewall rule: TCP Port 80 from WAN Interface Address to L.L.L.L, all TCP Port 80 on all DMZ IPs now NAT to L.L.L.L

What is happening?

Summary:

Without Inbound NAT on W.W.W.W -> L.L.L.L
http://D.D.D.D/ works

Add Inbound NAT on W.W.W.W -> L.L.L.L
http://D.D.D.D/ shows L.L.L.L homepage

Inbound NAT on W.W.W.W should not affect D.D.D.D, right?
« Reply #1 on: May 04, 2010, 23:29:40 »
remmy *
Posts: 3

I have figured out what the problem is:

When I create a nat rule for the WAN Interface Address, m0n0wall generates an ipnat rule like the following:

rdr rl0 0.0.0.0/0 port 80 -> L.L.L.L port 80 tcp

This is a bug.  It causes the router to nat all requests even for ip addresses that are not the WAN Interface Address.  It should be creating a rule like so:

rdr rl0 W.W.W.W/32 port 80 -> L.L.L.L port 80 tcp

Until this works as expected, my workaround is to never use the WAN interface address for NAT.
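As an added illustration of the matching behaviour described in the reply above (example code, not the poster's or m0n0wall's own), a small Python script that parses ipnat rdr rules in the form shown and reports which rule would redirect a given inbound packet; it also flags any rdr rule whose destination is 0.0.0.0/0, which is the check an administrator would run over a generated ipnat configuration. The WAN, DMZ and LAN addresses are constructed documentation-range values (203.0.113.2, 198.51.100.8/29, 192.168.1.10) standing in for W.W.W.W, D.D.D.D and L.L.L.L.

```python
import ipaddress
import re

# ipnat rdr syntax as it appears in the post:
#   rdr <iface> <dst-net> port <dport> -> <target-ip> port <tport> <proto>
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<dst>\S+)\s+port\s+(?P<dport>\d+)\s*->\s*"
    r"(?P<target>\S+)\s+port\s+(?P<tport>\d+)\s+(?P<proto>\w+)\s*$"
)

# Constructed stand-ins for the post's placeholders (not real addresses).
WAN_IP = "203.0.113.2"      # W.W.W.W, the WAN interface address
DMZ_IP = "198.51.100.9"     # a host inside D.D.D.D/29, routed via the WAN
LAN_WEB = "192.168.1.10"    # L.L.L.L, the internal web server
BUGGY_RULE = "rdr rl0 0.0.0.0/0 port 80 -> %s port 80 tcp" % LAN_WEB
FIXED_RULE = "rdr rl0 %s/32 port 80 -> %s port 80 tcp" % (WAN_IP, LAN_WEB)

def parse_rdr(line):
    """Parse one rdr line into a dict; the destination becomes an ip_network."""
    m = RDR_RE.match(line.strip())
    if not m:
        raise ValueError("not an rdr rule: %r" % line)
    d = m.groupdict()
    return {"iface": d["iface"], "dst": ipaddress.ip_network(d["dst"], strict=False),
            "dport": int(d["dport"]), "target": d["target"],
            "tport": int(d["tport"]), "proto": d["proto"]}

def match_rdr(rules, iface, proto, dst_ip, dport):
    """Return 'ip:port' of the first rdr rule that redirects a packet arriving on
    iface for dst_ip:dport, or None. ipnat applies the first matching rdr rule."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r["iface"] == iface and r["proto"] == proto
                and r["dport"] == dport and ip in r["dst"]):
            return "%s:%d" % (r["target"], r["tport"])
    return None

def overly_broad(rules):
    """rdr rules with a 0.0.0.0/0 destination capture traffic to every address
    routed through the interface (here the whole DMZ), not just the WAN address."""
    return [r for r in rules if r["dst"].prefixlen == 0]

if __name__ == "__main__":
    for label, text in (("buggy", BUGGY_RULE), ("fixed", FIXED_RULE)):
        rules = [parse_rdr(text)]
        print(label, "DMZ host ->", match_rdr(rules, "rl0", "tcp", DMZ_IP, 80),
              "| WAN addr ->", match_rdr(rules, "rl0", "tcp", WAN_IP, 80),
              "| broad rules:", len(overly_broad(rules)))
```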