Public IP in DMZ / Proxy ARP

  • OK, here is what I need to do: use a single or maybe two public IP addresses in a DMZ while leaving the rest of the subnet on the firewall for port forwarding or 1-to-1 NAT. Is this possible? Please take a look at the following how-to on Shorewall; the first diagram is what I want to do:

    Here are some key points with my setup:

    I am not "routed" a subnet, so I cannot put all the public addresses and route them to the DMZ.

    I cannot use NAT or port forwarding for this single system; it has to have the real public IP address(es).

  • You can bridge. Short of a routed subnet or NAT, that's your only option. Details in the book.

