Hi Everyone, I'm a newbie to this forum but I've dabbled in Linux for while. I have a question regarding setting up a firewall to run an internal LAN and a DMZ with static IP's.

I've got a Smoothwall setup with the three zones:

Green : Private addresses in the 10.x.x.x subnet
Orange : I have a range of static IP's that I use
Red : Another single static link IP

Its running fine and I'm using port forwarding to allow access to the WWW servers in the orange zone. However, I'm going to be adding more WWW servers, and I want to use my static IP range and route between Red->Orange and expose these static IP's to the external world. My ISP is already routing packets destined to the Orange IP's toward the Red interface.

I read in another post on this forum that Smoothwall defaults to assuming that the Orange (DMZ) network is using private addresses.

I'm after some advice on whether I should modify the Smoothwall IPChains tables to setup routing between Red->Orange. I'm not sure of the implications of modifying a package like Smoothwall and what happens if I use the Smoothwall web admin tool, and its effect on my modifications. Are there any web sites documenting this type of mod to Smoothwall? I have looked for this info, but haven't found much, and was wondering if there was a reason that this isn't a popular thing to do?

Would I be better off to replace Smoothwall with a regular distro of Linux with minimal packages and setup IPTables or IPChains? I'm happy to build this firewall from scratch because as a side effect, I'll get a better understanding of exactly what traffic is flowing through my firewall.