[CentOS] [OT] Corporate Firewall -- NAT/PAT != bridging/routing with inspection

Ryan ryanag at zoominternet.net
Fri Nov 11 01:00:17 UTC 2005

Bryan J. Smith wrote:
> Adam Gibson <agibson at ptm.com> wrote:
>>M0n0wall is a FreeBSD-based system but it does support a
>>public IP DMZ/Service interface.  You have to enable 
>>advanced NATing.
> Layer-3/4 Source and Destination NAT/PAT (network/port
> address translation) is _not_ the same as layer-2 bridging or
> layer-3 routing between networks and inspecting the packets
> then.  I think he's looking for layer-2 bridging or layer-3
> routing, not SNAT/DNAT.

M0n0wall can be configured as a bridging firewall.

It only appears to be another IP on the LAN when in this mode and does 
not do NAT.

> IPCop does SNAT/DNAT, and can translate multiple public IPs
> into private ones -- LAN, 2nd LAN (e.g., WLAN), DMZ, etc...
> as well.

Yes, but you need to seriously hack it... IPCop doesn't support
multiple subnets on the same interface (LAN or WAN) very well at all.

Pre-built m0n0wall boxes are pretty cheap these days:

