Quote:
...If I go with choice #3, my concern is what will happen with the existing private LAN when it tries to talk to one of my public IPs? Will the right thing happen regarding the binat?
No. If you use NAT on your Internet-exposed subnet, you will have to route traffic to local servers (whether in a DMZ or not) via their local, untranslated network addresses.
See the Redirection and Reflection section of the PF User's Guide. The chapter hasn't changed much since the fork, other than using different PF syntax. It does discuss DMZs, but not as a direct solution.
http://www.openbsd.org/faq/pf/rdr.html#reflect
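For reference, here is what the reflection approach from that chapter looks like in the older rdr/nat syntax; this is an added example, not part of the post above, and the interface names, the 192.168.1.0/24 LAN, the 192.168.1.20 web server and the 203.0.113.10 public address are placeholders.

```pf
ext_if  = "em0"
int_if  = "em1"
int_net = "192.168.1.0/24"
web_srv = "192.168.1.20"        # placeholder: DMZ/LAN host behind the firewall
ext_ip  = "203.0.113.10"        # placeholder: public address mapped to it

# Normal inbound redirect: Internet clients -> public IP -> internal host
rdr on $ext_if proto tcp from any to $ext_ip port 80 -> $web_srv

# Reflection: LAN clients that address the public IP are redirected too ...
rdr on $int_if proto tcp from $int_net to $ext_ip port 80 -> $web_srv

# ... and their source is rewritten to the firewall's LAN address so that the
# server's replies come back through the firewall instead of going straight
# to the client (which would break the redirected state).
no nat on $int_if proto tcp from $int_if to $int_net
nat on $int_if proto tcp from $int_net to $web_srv port 80 -> $int_if

pass in on $ext_if proto tcp from any to $web_srv port 80
pass in on $int_if proto tcp from $int_net to $web_srv port 80
```

Because the nat rule masks the LAN client's address, the server's logs will show only the firewall's internal address for those connections; pointing internal clients at the untranslated address (for example through split DNS), as the reply suggests, avoids both the extra rules and that loss of source information.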