Two VLANs, One Subnet

Michael Torrie torriem at
Sat Mar 10 11:49:15 MST 2007

On Sat, 2007-03-10 at 11:28 -0700, Michael Torrie wrote:
> Tis a vain hope, yes. :)  But this issue has nothing to do with saving
> IP addresses.  Typically it's about establishing a DMZ.  I get the
> impression (likely wrongly) you're thinking about NAT in terms of
> masquerading, when you say "save IP addresses."

I should note that if all your VLANs are public IP addresses, then
normal routing works fine and we don't have to do any mucking about with
translations.  A DMZ can be established entirely based on routing, and
applying a firewall between each subnet.  If we all had IPv6, for
example, we could do such things.  It's just that when you add private
IP addresses to the mix (on the trusted side) and want your DMZ servers
to also have private addresses (as well as be seen publicly) that NAT
seems to be the best way to do it.


