You will need to use server NAT for this. To clarify, is this one
server with two public IPs assigned, or two boxes with public IPs?

The following assumes that you have the two public IPs registered in
your DNS (www is .115 and mail is .116) and that you only have two
interfaces on your m0n0wall. In order to not use "Internal NAT" for
your web server you would need to add a third interface to the m0n0
(create a DMZ). You can do this with one private IP on your server.

The first thing you will have to do is to statically assign private
IP(s) to the server(s). I.e. 192.168.1.1 (and 192.168.1.2 - if two

On the Firewall -> Aliases page: create an alias(es) for your
server(s) with internal address(es). This makes NAT/Firewall rules
simpler to create, and a "blue" field can be an alias. And if you ever
need to change this internal IP you do not have to edit all of the NAT
and Firewall rules to allow the traffic, just edit the alias.

On the Firewall -> NAT page -> Server NAT tab: enter the public IPs
with descriptions (www is .115 and mail is .116)

On the Services -> Proxy ARP page: add the public IPs with
descriptions (this is to allow the WAN interface to respond to
multiple public IPs)

On the Firewall -> NAT page -> Inbound tab: add rules (three rules)
with the following:

  External address: Pick the appropriate Server NAT address (i.e.
  xxx.xxx.xxx.115 or xxx.xxx.xxx.116)
  Protocol: TCP (Leave at TCP)
  External port range from: Pick service (i.e. HTTP, SMTP, POP3)
  NAT IP: Enter the Alias for the server.
  Local port: Leave as set by External above
  Description: Give it a good one like "Web" for HTTP, "SMTP Mail" for
  SMTP, and "POP3 Mail" for (you guessed it) POP3.

Check the box next to "Auto-add a firewall rule to permit traffic
through this NAT rule" (VERY IMPORTANT - the firewall rule will have a
description like "NAT Web")

That is as quick of a config as I can provide.

Good luck and have fun...

James W. McKeand

From: C.G.L [mailto:bm underscore pro at yahoo dot co dot uk]
Sent: Saturday, October 16, 2004 11:15 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] How to attach public IPs to the servers behind

I am very new with Firewalls so hence limited experience with
The question is how to have PCs with public IPs attached to them BUT
some ports open.
My current setup is
Lucent Router with no NAT (I have a range of public IPs)
The router has IP xxx.xxx.xxx.113 and subnet mask 255.255.255.240
I set up m0n0wall with the WAN IP address xxx.xxx.xxx.114 and
The NATed clients with IPs 192.168.1.xxx are working just fine.
I want to have a firewalled web server with IP xxx.xxx.xxx.115 (not
NAT) and a mail server (in the same hardware server) with IP
I need only port 80 on the web IP and ports 110 & 25 on the mail IP.
These IP addresses should be bound to the same server (i.e. eth0, eth1
Whatever I tried I couldn't make it work.
Anyone patient enough to give me a quick configuration please??
Thank you in advance,
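
An added example, not part of the original thread: a small offline model of the configuration described in the reply, used to check that the inbound NAT rules expose only port 80 on the web address and ports 25 and 110 on the mail address, and that every extra public address has Server NAT and Proxy ARP entries. The 203.0.113.x addresses are constructed placeholders for the thread's xxx.xxx.xxx.x range, and the alias name "server" is hypothetical.

```python
import ipaddress

# Constructed placeholders: 203.0.113.x (a documentation range) stands in for
# the thread's xxx.xxx.xxx.x addresses; the alias name "server" is hypothetical.
WAN = ipaddress.ip_interface("203.0.113.114/255.255.255.240")
ALIASES = {"server": "192.168.1.1"}
SERVER_NAT = {"203.0.113.115": "www", "203.0.113.116": "mail"}
PROXY_ARP = {"203.0.113.115", "203.0.113.116"}
# Inbound NAT rules: (external address, protocol, port, NAT IP alias, description)
INBOUND = [
    ("203.0.113.115", "tcp", 80, "server", "Web"),
    ("203.0.113.116", "tcp", 25, "server", "SMTP Mail"),
    ("203.0.113.116", "tcp", 110, "server", "POP3 Mail"),
]
# What the original poster asked to expose, and nothing else.
INTENDED = {("203.0.113.115", 80), ("203.0.113.116", 25), ("203.0.113.116", 110)}


def translate(rules, dst_ip, proto, dst_port):
    """Return (internal IP, port) for an inbound packet, or None if no rule matches."""
    for ext, rule_proto, port, alias, _desc in rules:
        if (ext, rule_proto, port) == (dst_ip, proto, dst_port):
            return ALIASES[alias], port
    return None


def audit(rules, server_nat, proxy_arp, intended):
    """List deviations between the modelled rule set and the intended exposure."""
    findings = []
    exposed = {(ext, port) for ext, _proto, port, _alias, _desc in rules}
    findings += [f"unintended exposure: {e}:{p}" for e, p in sorted(exposed - intended)]
    findings += [f"missing inbound rule: {e}:{p}" for e, p in sorted(intended - exposed)]
    for ext in sorted({rule[0] for rule in rules}):
        if ext not in server_nat:
            findings.append(f"{ext} is not listed under Server NAT")
        # An extra address inside the WAN subnet is on-link for the upstream
        # router, so the WAN interface must answer ARP for it.
        on_link = ipaddress.ip_address(ext) in WAN.network
        if on_link and ext != str(WAN.ip) and ext not in proxy_arp:
            findings.append(f"{ext} has no Proxy ARP entry")
    for _ext, _proto, _port, alias, desc in rules:
        if alias not in ALIASES:
            findings.append(f"rule '{desc}' uses undefined alias '{alias}'")
    return findings


if __name__ == "__main__":
    print(audit(INBOUND, SERVER_NAT, PROXY_ARP, INTENDED) or "rule set matches intent")
```

The model covers only the NAT, Server NAT and Proxy ARP entries; the auto-added firewall rules still have to be confirmed on the Firewall -> Rules page.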