Jason Dixon a icrit :
Yes, this sounds similar to what you want to do. So basically, you want to bridge $ext_if with $dmz_if, and NAT $lan_if:network to ($ext_if). The NAT will happen first, then the outbound packet should "see" the DMZ server announcing itself via the arp "proxy". It sounds possible, although the filtering is bound to be tricky at best.
Actually no, I would like to bridge $dmz_if and $lan_if so they could be in the same subnet while allowing me to filter (PF) between the two segments.
Antoine
