The whole thing is interesting from the academic standpoint. What would happen with two interfaces of the same IP?
It's not academic from a system administrator's point of view, s/he'd get a headache :-) Depending on the *nix, it would work. For example, Linux would cope but AIX3 would not, or at least SMIT would not let you do it.

The real problem is that you have to take such care in configuring your hosts that it becomes a disaster waiting to happen. For example:

- You must specify all routing by device to ensure subnets are not assumed.
- If the DMZ network is not a maskable block, you are into a route per host.
- Either all hosts on each of the identical interfaces must route to their own subnet via the firewall if they wish to talk to the other part of the subnet, or the firewall must proxy ARP for the hosts on the DMZ.
- Broadcasting will only occur on one of the interfaces -- maybe!

There's probably a lot more but I hope that is enough to put you off.

Here is a version that will work. Assigned address space assumed as 1.2.3.0/nn.

Interfaces Red=1.2.3.1, DMZ=10.0.0.1, Green=10.0.1.1.
DMZ_Hosts=10.0.0.0/24 plus alias on each host set to its assigned address.

All that now needs to be configured is the routing in the firewall for each DMZ host. You also have a model that can be bolted down even tighter using switch technology or forcing all traffic via the firewall. Another option is to forget the aliasing and use one of the address translation facilities. YMMV.

John
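The working layout from the reply above, as an added example that is not part of the original post: a Python helper that validates a public-to-private mapping and emits the per-host firewall routes and host aliases as Linux iproute2 commands. The interface names, the sample host addresses, the /28 prefix used when calling it (the post leaves the prefix as nn) and the default route on each DMZ host are assumptions made for illustration.

```python
import ipaddress

RED_IP = ipaddress.ip_address("1.2.3.1")       # firewall Red interface (from the post)
DMZ_FW_IP = ipaddress.ip_address("10.0.0.1")   # firewall DMZ interface (from the post)
DMZ_NET = ipaddress.ip_network("10.0.0.0/24")  # DMZ_Hosts network (from the post)


def plan(assigned_block, hosts, fw_dmz_if="eth1", host_if="eth0"):
    """Return (firewall_cmds, host_cmds) for a {public: private} mapping.

    assigned_block: the assigned public block, e.g. "1.2.3.0/28" (prefix is an assumption).
    fw_dmz_if / host_if: hypothetical interface names.
    Raises ValueError for mappings that would make addressing ambiguous.
    """
    block = ipaddress.ip_network(assigned_block)
    fw_cmds, host_cmds, seen_private = [], {}, set()
    for public_s, private_s in sorted(hosts.items()):
        public = ipaddress.ip_address(public_s)
        private = ipaddress.ip_address(private_s)
        if public not in block:
            raise ValueError(f"{public} is outside assigned block {block}")
        if public in (block.network_address, block.broadcast_address, RED_IP):
            raise ValueError(f"{public} is reserved or is the Red interface")
        if private not in DMZ_NET:
            raise ValueError(f"{private} is not in DMZ network {DMZ_NET}")
        if private in (DMZ_NET.network_address, DMZ_NET.broadcast_address, DMZ_FW_IP):
            raise ValueError(f"{private} is reserved or is the firewall DMZ address")
        if private in seen_private:
            raise ValueError(f"{private} is mapped to more than one public address")
        seen_private.add(private)
        # One host route per DMZ host, pinned to the DMZ device so the
        # firewall never assumes the public block is on-link there.
        fw_cmds.append(f"ip route add {public}/32 via {private} dev {fw_dmz_if}")
        host_cmds[str(private)] = [
            f"ip addr add {public}/32 dev {host_if}",        # alias = assigned address
            f"ip route replace default via {DMZ_FW_IP}",     # assumption: exit via firewall
        ]
    return fw_cmds, host_cmds


if __name__ == "__main__":
    # Constructed sample mapping; not taken from the post.
    sample = {"1.2.3.10": "10.0.0.10", "1.2.3.11": "10.0.0.11"}
    fw, per_host = plan("1.2.3.0/28", sample)
    print("\n".join(fw))
    for addr, cmds in per_host.items():
        print(f"# on {addr}")
        print("\n".join(cmds))
```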