Subject: Enhancing my firewall/gateway: Adding a DMZ
To: tech-net (E-mail) <tech-net@netbsd.org>
From: Carleton, Sam (SCI TW) <Sam_Carleton_TW@stercomm.com>
List: tech-net
Date: 12/20/2002 13:18:51
Folks,
I have been running NetBSD for a while now as my firewall. Finally the time
has come to enhance the firewall to provide for a DMZ. I understand the
concept but I don't know exactly how to implement it. So here are my
questions:
Does the IP address for the DMZ matter? I am currently using 192.168.0.x on
my internal network; can I simply use 192.168.1.x, or should I use the class
A or class B address range? If so, why?
In my current firewall, I have not mucked with any routing to allow the
clients to access the Internet. I have only had to set up IPNat correctly.
Will this change? Am I going to have to mess with the routing at all for
the clients to access the Internet? My guess is: no. Considering the DMZ
is also going to need to be NATed, I assume that the same applies. Correct?
Routing: I assume that I will have to set up some routing for the traffic to
go from the Intranet to the DMZ. How do I go about doing that from both the
command line and auto-magically when the firewall reboots?
Does anyone have any advice on how to set up the ipfilter rules going to the
DMZ?
Sam
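The following is an added worked example of a three-interface NetBSD IPFilter/IPNAT setup of the kind the post asks about; it is not from the post or from the tech-net list. Everything concrete in it is assumed: the interface names (fxp0 to the Internet, fxp1 to the internal LAN, fxp2 to the DMZ), the DMZ subnet 192.168.1.0/24, and a hypothetical DMZ web server at 192.168.1.10. The security point it illustrates is the one that distinguishes a DMZ from just another LAN segment: the DMZ can be reached from the Internet only on the published port and can never initiate connections into the internal network, so a compromised DMZ host gains no foothold on the LAN. Because the firewall has an interface in each subnet, all three networks are directly connected and no static routes are needed; enabling IP forwarding is enough, and DMZ hosts simply use the firewall's DMZ address as their default gateway. The example is a set of configuration fragments, one per file, with the file each belongs to named in a comment.

```conf
# --- /etc/ifconfig.fxp2 : third NIC facing the DMZ (interface name assumed)
inet 192.168.1.1 netmask 255.255.255.0

# --- /etc/rc.conf : load IPFilter rules and IPNAT mappings at boot
ipfilter=YES
ipnat=YES

# --- /etc/sysctl.conf : forward packets between the three interfaces
#     (no static routes: every subnet is directly attached to the firewall)
net.inet.ip.forwarding=1

# --- /etc/ipnat.conf : both private subnets share the external address
#     fxp0 = Internet, 192.168.0.0/24 = internal LAN, 192.168.1.0/24 = DMZ (assumed)
map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:20000
map fxp0 192.168.0.0/24 -> 0/32
map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20001:30000
map fxp0 192.168.1.0/24 -> 0/32
# publish the hypothetical DMZ web server; rdr runs before inbound filtering,
# so the ipf rules below see the translated (private) destination address
rdr fxp0 0/0 port 80 -> 192.168.1.10 port 80 tcp

# --- /etc/ipf.conf : default deny on every interface, then explicit holes
block in log all
block out log all
pass in quick on lo0 all
pass out quick on lo0 all

# anti-spoofing: private and loopback sources never arrive from the Internet side
block in log quick on fxp0 from 192.168.0.0/16 to any
block in log quick on fxp0 from 172.16.0.0/12 to any
block in log quick on fxp0 from 10.0.0.0/8 to any
block in log quick on fxp0 from 127.0.0.0/8 to any

# Internet -> DMZ: only the published service, and only new connections
pass in quick on fxp0 proto tcp from any to 192.168.1.10 port = 80 flags S keep state

# internal LAN -> DMZ and Internet: allowed; state is created on the inbound interface
pass in quick on fxp1 proto tcp from 192.168.0.0/24 to any flags S keep state
pass in quick on fxp1 proto udp from 192.168.0.0/24 to any keep state
pass in quick on fxp1 proto icmp from 192.168.0.0/24 to any keep state

# DMZ -> internal LAN: never initiated from the DMZ side (this is the rule that
# makes it a DMZ); DMZ -> Internet: allowed
block in log quick on fxp2 from 192.168.1.0/24 to 192.168.0.0/24
pass in quick on fxp2 proto tcp from 192.168.1.0/24 to any flags S keep state
pass in quick on fxp2 proto udp from 192.168.1.0/24 to any keep state
pass in quick on fxp2 proto icmp from 192.168.1.0/24 to any keep state

# outbound side of each interface: pass what the state table has approved
pass out quick on fxp0 all keep state
pass out quick on fxp1 all keep state
pass out quick on fxp2 all keep state

# --- applying the same thing by hand, without a reboot:
#   sysctl -w net.inet.ip.forwarding=1
#   ipnat -CF -f /etc/ipnat.conf
#   ipf -Fa -f /etc/ipf.conf
```

Two design notes. First, the DMZ address range only has to be a private subnet that does not overlap the internal one; 192.168.1.0/24 next to 192.168.0.0/24 is fine, and nothing is gained by reaching for 10.0.0.0/8 or 172.16.0.0/12 unless more address space is needed. Second, the `block in log quick on fxp2 ... to 192.168.0.0/24` line sits before the DMZ `pass` rules on purpose: with `quick`, rule order decides, and the log keyword on that line is what lets the firewall's logs show a DMZ host trying to reach the LAN, which is the earliest sign that something in the DMZ has been compromised.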