On Thursday 13 June 2002 7:55 pm, [EMAIL PROTECTED] wrote:

> Hi:
> I use SNAT for LAN (192.168.10.0/24) to DMZ (172.16.10.0/24),
> but I found that way a LAN PC will become only one IP to the DMZ server.
> So I think if I can bind another IP (e.g. 192.168.10.2) to the firewall,
> and use DNAT for LAN to DMZ. Can anyone suggest which kind of DMZ is
> better?

Why do NAT at all between internal LAN and DMZ? Why not just route packets with no NAT involved, and allow the ones you want, block the ones you don't...?

Antony.
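
The routed, no-NAT setup suggested in the reply, sketched as an added example that is not part of the original thread. The two networks are the ones from the question; the interface names (eth1, eth2), the DMZ server addresses and the allow-list are assumptions made for illustration. Because nothing is translated, DMZ servers see each LAN client's real 192.168.10.x address.

```shell
#!/bin/sh
# Added example: routed LAN<->DMZ filtering with no NAT rules.
# Networks are from the post; interface names, server addresses and the
# allow-list below are assumptions made for this illustration.
LAN_IF="${LAN_IF:-eth1}"; LAN_NET="192.168.10.0/24"
DMZ_IF="${DMZ_IF:-eth2}"; DMZ_NET="172.16.10.0/24"
# Constructed allow-list, one "proto:port:dmz_host" entry per service.
ALLOWED="${ALLOWED:-tcp:80:172.16.10.10 tcp:25:172.16.10.20}"
# Set IPT="echo iptables" to print the rules instead of applying them.
IPT="${IPT:-iptables}"

lan_dmz_rules() {
    # Routing needs net.ipv4.ip_forward=1; the nat table is never touched.
    # Default-deny first, then rebuild the FORWARD chain.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Replies to connections that an earlier rule already allowed.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Anti-spoofing: each interface may only source its own network.
    $IPT -A FORWARD -i "$LAN_IF" ! -s "$LAN_NET" -j DROP
    $IPT -A FORWARD -i "$DMZ_IF" ! -s "$DMZ_NET" -j DROP
    # "Allow the ones you want": new LAN -> DMZ connections per service.
    for entry in $ALLOWED; do
        proto=${entry%%:*}; rest=${entry#*:}
        port=${rest%%:*};   host=${rest#*:}
        $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" -d "$host" \
             -p "$proto" --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # "Block the ones you don't": DMZ hosts opening connections into the
    # LAN are logged here and then dropped by the chain policy.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j LOG --log-prefix "DMZ->LAN "
}
```

Run `lan_dmz_rules` as root to apply the rules, or set `IPT="echo iptables"` first to review them. DMZ hosts also need a route back to 192.168.10.0/24 via the firewall, since no address translation hides the LAN.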
