Code:
INTERNET
|
|
modem
|
|
-------|------------
external
D
M
FBSD Z--------------- Server
router n
i
c
internal
-------|------------
|
|
|
switch
internal Lan
Since you seem not to have any issue with getting DHCP leases for the real nfe0 as well as the virtual ngeth0, you could try the topology from this diagram.
The DMZ nic gets the second IP address through DHCP.
The server nic can have a private 10.x.x.x address directly connected to the DMZ nic. This is possible, you only need to specify the
-interface modifier when you add the default route on the server.