On Sat, 2007-03-10 at 11:28 -0700, Michael Torrie wrote: > Tis a vain hope, yes. :) But this issue has nothing to do with saving > IP addresses. Typically it's about establishing a DMZ. I get the > impression (likely wrongly) you're thinking about NAT in terms of > masquerading, when you say "save IP addresses."
I should note that if all your vlans are public ip addresses, then normal routing works fine and we don't have to do any mucking about with translations. A DMZ can be established entirely based on routing, and applying a firewall between each subnet. If we all had IPv6, for example, we could do such things. It's just that when you add private IP addresses to the mix (on the trusted side) and want your DMZ servers to also have private addresses (as well as be seen publicly) that NAT seems to be the best way to to do it. Michael /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
