I had promised a couple of people that I'd post results after I tested this out, so here goes.
I have a pfSense 0.81 box set up with three Realtek cards set up in this configuration:

rl0: OPT1 (bridged to WAN)
rl1: WAN (static IP address)
rl2: LAN (NAT'd RFC 1918 network)

The setup I used as an example is from the m0n0wall docs indicated here: http://m0n0.ch/wall/docbook/examples-filtered-bridge.html

The question came up regarding the ability of LAN machines to access machines inside the DMZ serviced by OPT1. In the m0n0wall documentation, this is not possible, but in my preliminary testing I found that LAN machines had no problem talking to the DMZ. In talking to Scott, this comes out of the fact that pfSense uses a different bridging mechanism than m0n0wall, and so this particular caveat is not an issue in pfSense. Under a default configuration, the LAN network segment(s) will have unfettered access to the DMZ segment(s).

I hope this clears up some questions people might have about this kind of a setup.
