If memory serves me right, Federico Krum wrote:
> Version 19 brought bridging at last. So... I need the following setup
> My provider is giving me a block of 16 IPs in the datacenter.
> I want my LAN machines to have these public IPs INSIDE the LAN.
> How can I do this WITHOUT setting NAT at all?

I think you need a machine with three interfaces for this to work, but
I'm not sure.

Call the three interfaces on the m0n0wall box WAN, LAN, and INSIDE.
The end goal is to have WAN and INSIDE look like a single IP subnet
with the m0n0wall box in the middle doing stateful packet filtering.

WAN is set up normally (give the m0n0wall box one address from your
/28 allocation). LAN has nothing attached to it except when you need
to access the Web GUI via HTTP. Bridge the INSIDE interface to the
WAN interface and enable filtered bridging on the Advanced Features

Set up firewall rules on the WAN interface for outside machines to
access the INSIDE machines (e.g., enable HTTP for your Web server(s)).
Set up firewall rules on the INSIDE interface for these machines to
access the outside Internet.

Assign addresses from your /28 allocation to your machines on the
INSIDE network. Voila, you're NAT-free.

It might be possible to do this with only two interfaces (bridging LAN
to WAN), but I never tested this configuration.
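
An added example, not part of the original message and not m0n0wall's own code: a simplified Python model of the filtered-bridge setup described above, which checks an address plan against the /28 and evaluates per-interface rules with stateful return traffic. The 203.0.113.0/28 block, the host names, the rule set and the first-match, default-deny evaluation are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values: a documentation range stands in for the provider's /28.
BLOCK = ipaddress.ip_network("203.0.113.0/28")
FIREWALL_WAN = "203.0.113.2"                       # the one address given to the box
INSIDE_HOSTS = {"web": "203.0.113.5", "mail": "203.0.113.6"}

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str
    dst: str                    # destination address, or "any"
    dport: Optional[int]        # None matches any port

# Rules are keyed by the interface the packet arrives on. With no NAT, the
# WAN rule names the public address of the INSIDE host directly.
RULES = {
    "WAN": [Rule("pass", "tcp", INSIDE_HOSTS["web"], 80)],
    "INSIDE": [Rule("pass", "tcp", "any", 80), Rule("pass", "tcp", "any", 443),
               Rule("pass", "udp", "any", 53)],
}

def plan_problems(block, firewall, hosts):
    """Return address-plan mistakes: out-of-block, reserved, or duplicate addresses."""
    problems, seen = [], {firewall: "firewall"}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in block:
            problems.append(f"{name}: {addr} is outside {block}")
        elif ip in (block.network_address, block.broadcast_address):
            problems.append(f"{name}: {addr} is the network or broadcast address")
        if addr in seen:
            problems.append(f"{name}: {addr} already used by {seen[addr]}")
        seen[addr] = name
    return problems

class FilteredBridge:
    """Simplified model: first matching rule wins, default deny, replies follow state."""
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def forward(self, iface, proto, src, sport, dst, dport):
        if (proto, dst, dport, src, sport) in self.states:   # reply to an allowed flow
            return True
        for r in self.rules[iface]:
            if r.proto == proto and r.dst in ("any", dst) and r.dport in (None, dport):
                if r.action == "pass":
                    self.states.add((proto, src, sport, dst, dport))
                return r.action == "pass"
        return False                                          # nothing matched
```

Running a list of expected-allowed and expected-denied flows through `forward` before entering the rules in the Web GUI shows which INSIDE services the WAN rules would expose.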