 From:  Vittore Zen <drzen at gamebox dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  DMZ - confirm config
 Date:  Mon, 31 Jan 2005 09:37:40 +0100

my LAN

internet <-> (ip1)  m0n0 (ip2) <-> LAN

ip1: (e.g. a static IP from an ADSL IP range)

Now, I have a server1 (SMTP+POP3) in the DMZ.
This server has public IP ip4 (DMZ IP is

I do this:
1. create a proxy ARP entry for
2. add a rule to the WAN interface to pass any traffic to
3. add a rule to pass any traffic from DMZ to any (WAN and LAN)
4. add a nat server
5. add a 1:1 nat

Additional steps:

6. modify internal DNS to say that server1 is
7. modify external DNS to say that server1 is

(note that SMTP/POP3 are used by both internal and external users)

Are these correct? Are these secure?

Thanks in advance.
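
The effect of step 3's "pass any traffic from DMZ to any" rule, shown in a simplified first-match, default-deny rule evaluator. This is an added example, not part of the original post and not m0n0wall code; the subnets, host addresses, port list and the tighter rule set are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addresses (RFC 1918 / RFC 5737); the post's own IPs are not shown.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
SERVER1, LAN_HOST, INTERNET_HOST = "192.168.2.10", "192.168.1.50", "203.0.113.5"


class Rule(NamedTuple):
    action: str                              # "pass" or "block"
    src: Optional[ipaddress.IPv4Network]     # None means "any"
    dst: Optional[ipaddress.IPv4Network]     # None means "any"
    port: Optional[int]                      # None means "any"


def decide(rules, src, dst, port):
    """First matching rule wins; no match means block (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if ((r.src is None or s in r.src)
                and (r.dst is None or d in r.dst)
                and (r.port is None or r.port == port)):
            return r.action
    return "block"


# Step 3 as written: the DMZ interface passes anything to any destination.
DMZ_AS_POSTED = [Rule("pass", DMZ, None, None)]

# Tighter alternative (assumption): refuse DMZ -> LAN first, then allow only
# what a mail server has to originate (outbound SMTP and DNS lookups).
DMZ_TIGHTER = [
    Rule("block", DMZ, LAN, None),
    Rule("pass", DMZ, None, 25),
    Rule("pass", DMZ, None, 53),
]


def reachable_lan_ports(rules, ports=(22, 25, 139, 445, 3389)):
    """LAN ports a host in the DMZ could open a connection to."""
    return [p for p in ports if decide(rules, SERVER1, LAN_HOST, p) == "pass"]


if __name__ == "__main__":
    print("as posted:", reachable_lan_ports(DMZ_AS_POSTED))
    print("tighter:  ", reachable_lan_ports(DMZ_TIGHTER))
    print("outbound SMTP:", decide(DMZ_TIGHTER, SERVER1, INTERNET_HOST, 25))
```

Internal users still reach SMTP/POP3 on server1 through the LAN interface's own rules; that direction does not depend on the DMZ rule set modeled here.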