I have heard that the only way to work without NAT is to place the non NAT
machines in the DMZ. Is this correct? I suppose the only way would be a
three-homed perimeter because back-to-back DMZ would only work with NAT in
the DMZ, right? To what extend are the DMZ machines secured then? Is it
possible to work with sateful ip-filtering then?
Thanks, Michael
