 From:  Bart Smit <bit at signature dot nl>
 To:  mark wolfe <markw at wolfenet dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Multiple WAN ip addresses
 Date:  Tue, 24 Jun 2003 12:12:43 +0200 (CEST)
> > I've got a couple addresses that I'd like to NAT to boxes on the DMZ
> > interface.  However, it looks like you can only assign 1 address to

I never understood the DMZ myself. I seem to have missed the point that
one could want to do NAT on it.

> I believe you want to use an IP alias. Head to the

I'm really having difficulties with this concept of NATting the DMZ.
I want to be able to place servers behind m0n0wall (in the DMZ) without
doing too much reconfiguration on the servers themselves.

I have:

  ---WANrouter---+-------+---m0n0wall---+-----+--------
                 |       |              |     |
               serv1   serv2           pc1   pc2   etc.

I want:

  ---WANrouter----m0n0wall-------+-----+-------
                     |           |     |
                 +---+---+      pc1   pc2   etc.
                 |       |
               serv1   serv2

So why not do proxy ARP for boxes in the DMZ on the WAN interface (and for
the WAN router on the DMZ interface)? In that way, routing WAN-DMZ traffic
is cleaner (without state tables on m0n0wall), and the DMZ boxes will
still have the right idea about their own IP address. Only difference now
is a firewall in between (which is exactly what we want).

--B
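
The proxy ARP arrangement proposed in the message above, modeled as an added example that is not part of the original post and is not m0n0wall code. The addresses (RFC 5737 documentation ranges), the allow list and both function names are assumptions made for illustration; it shows which ARP requests the firewall would answer on each interface and how a filter without a state table has to match reply traffic.

```python
import ipaddress

# Constructed addressing; the post gives no addresses.
SUBNET = ipaddress.ip_network("192.0.2.0/28")
SEGMENTS = {
    "wan": {"192.0.2.1": "WANrouter"},
    "dmz": {"192.0.2.2": "serv1", "192.0.2.3": "serv2"},
}
# Hypothetical services reachable from the WAN: (dst_ip, protocol, dst_port).
ALLOW_WAN_TO_DMZ = {("192.0.2.2", "tcp", 25), ("192.0.2.3", "tcp", 80)}


def proxy_arp_reply(in_iface, target_ip):
    """True if the firewall answers a who-has for target_ip seen on in_iface."""
    if ipaddress.ip_address(target_ip) not in SUBNET:
        return False
    for iface, hosts in SEGMENTS.items():
        if target_ip in hosts:
            # Answer only for hosts on the other segment; hosts on the
            # same segment answer for themselves.
            return iface != in_iface
    return False  # unknown address: stay silent


def filter_packet(in_iface, src_ip, dst_ip, proto, sport, dport):
    """Stateless pass/drop decision; addresses are never rewritten (no NAT)."""
    dmz = SEGMENTS["dmz"]
    if in_iface == "wan":
        if src_ip in dmz:  # DMZ source arriving from the WAN side: spoofed
            return "drop"
        return "pass" if (dst_ip, proto, dport) in ALLOW_WAN_TO_DMZ else "drop"
    if in_iface == "dmz":
        if src_ip not in dmz:
            return "drop"
        # No state table: replies are recognised by the service's source port.
        return "pass" if (src_ip, proto, sport) in ALLOW_WAN_TO_DMZ else "drop"
    return "drop"


if __name__ == "__main__":
    for iface, ip in [("wan", "192.0.2.2"), ("dmz", "192.0.2.1"), ("dmz", "192.0.2.3")]:
        print(f"ARP who-has {ip} on {iface}: reply={proxy_arp_reply(iface, ip)}")
    print(filter_packet("wan", "203.0.113.7", "192.0.2.3", "tcp", 40000, 80))
    print(filter_packet("dmz", "192.0.2.3", "203.0.113.7", "tcp", 80, 40000))
```
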