 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPsec Tunnel and L2TP Clients
 Date:  Mon, 7 Feb 2005 14:03:29 -0500
Josh M. Hurd wrote:
> So if I have server nat setup then monowall will listen to other IPs
> on the WAN interface?  No second NIC needed?
> Josh

True, no additional NICs are needed. Theoretically, you could have
several IPs on your WAN interface. But, you would be adding them one
by one... 

The idea would be that the main WAN IP (assigned under
Interfaces/console) would be used for the IPSEC tunnel. And the Server
NAT IP would be used as the destination for the remote L2TP clients.

With something like this:

    WAN (IP: x.y.z.1)
     |
  m0n0wall
     |
    LAN (IP: 192.168.0.1)
     |
    OSX (IP: 192.168.0.2)

Add a Server NAT for x.y.z.2 (don't forget a good description). I
assume you have a subnet routed to you; if this is *NOT* the case you
may need Proxy ARP.

In the Inbound NAT you can select x.y.z.2 as the external address
(before you only had "interface address" as a choice) and select
192.168.0.2 as NAT address. Select the external and internal ports as
appropriate. I assume you know what ports to forward. Also, don't
forget to check auto-add the firewall rules...

When your remote L2TP clients connect, they will connect to x.y.z.2 (not
x.y.z.1).

There would be no changes to the IPSEC tunnel or other services NATed
to your server. (i.e. SMTP to x.y.z.1 can still go to 192.168.0.2)

_________________________________
James W. McKeand
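The layout James describes, as an added example that is not part of the original message or of m0n0wall's own code: a small Python model of how inbound traffic is dispatched once x.y.z.2 exists as a Server NAT address. Everything here is constructed for illustration; the addresses are the placeholders from the post, and the port numbers are assumptions for the example (the post leaves the ports to the reader): L2TP itself is UDP 1701, and L2TP/IPsec clients additionally need IKE on UDP 500 and NAT-T on UDP 4500, which is exactly why they get their own WAN address instead of sharing x.y.z.1 with the firewall's own IPsec tunnel.

```python
from dataclasses import dataclass

# Constructed sample values; "x.y.z.1" stands in for the routed subnet in the post.
WAN_IP = "x.y.z.1"          # main WAN address: terminates the firewall's own IPsec tunnel
SERVER_NAT_IP = "x.y.z.2"   # added under Server NAT: destination for the remote L2TP clients
LAN_SERVER = "192.168.0.2"  # the OSX host on the LAN

# Ports the firewall's own IPsec tunnel needs on WAN_IP (assumption for the example).
FIREWALL_OWN_UDP = {500, 4500}


@dataclass(frozen=True)
class InboundNatRule:
    external_address: str   # "interface address" or one of the Server NAT addresses
    protocol: str           # "tcp" or "udp"
    external_port: int
    target: str             # NAT address on the LAN
    local_port: int
    descr: str


# Server NAT: the extra addresses m0n0wall answers for on the WAN interface.
SERVER_NAT = {SERVER_NAT_IP: "OSX L2TP server (Server NAT)"}

# Inbound NAT: L2TP-related ports go to x.y.z.2; SMTP stays on the interface address.
# Port numbers are assumptions for the example, not taken from the post.
INBOUND_NAT = [
    InboundNatRule(SERVER_NAT_IP, "udp", 1701, LAN_SERVER, 1701, "L2TP to OSX"),
    InboundNatRule(SERVER_NAT_IP, "udp", 500, LAN_SERVER, 500, "IKE for L2TP/IPsec clients"),
    InboundNatRule(SERVER_NAT_IP, "udp", 4500, LAN_SERVER, 4500, "NAT-T for L2TP/IPsec clients"),
    InboundNatRule("interface address", "tcp", 25, LAN_SERVER, 25, "SMTP to OSX"),
]


def resolve_external(addr):
    """'interface address' means the main WAN IP; anything else is a Server NAT address."""
    return WAN_IP if addr == "interface address" else addr


def classify_inbound(dst_ip, protocol, dst_port):
    """Decide what happens to a WAN packet: ('forward', target, port, descr),
    ('local', ...) for the firewall's own IPsec endpoint, or ('drop', ...)."""
    # The firewall only answers for its WAN IP and the Server NAT addresses.
    if dst_ip != WAN_IP and dst_ip not in SERVER_NAT:
        return ("drop", None, None, "not a WAN or Server NAT address")
    for rule in INBOUND_NAT:
        if (resolve_external(rule.external_address) == dst_ip
                and rule.protocol == protocol
                and rule.external_port == dst_port):
            return ("forward", rule.target, rule.local_port, rule.descr)
    # No NAT rule: IKE/NAT-T on the main WAN IP belongs to the firewall's own tunnel.
    if dst_ip == WAN_IP and protocol == "udp" and dst_port in FIREWALL_OWN_UDP:
        return ("local", WAN_IP, dst_port, "firewall's own IPsec tunnel endpoint")
    return ("drop", None, None, "no inbound NAT rule; default deny")


def colliding_rules(rules=INBOUND_NAT):
    """Sanity check: inbound NAT rules on the interface address that would steal the
    firewall's own IPsec ports. With the L2TP rules on x.y.z.2 this list is empty."""
    return [r for r in rules
            if resolve_external(r.external_address) == WAN_IP
            and r.protocol == "udp"
            and r.external_port in FIREWALL_OWN_UDP]


if __name__ == "__main__":
    # Constructed sample packets: L2TP client, the site-to-site tunnel, SMTP, and a stray.
    for pkt in [(SERVER_NAT_IP, "udp", 1701), (WAN_IP, "udp", 500),
                (WAN_IP, "tcp", 25), ("x.y.z.3", "udp", 1701)]:
        print(pkt, "->", classify_inbound(*pkt))
    print("rules colliding with the firewall's own IPsec:", colliding_rules())
```

The check in `colliding_rules` is the one worth running before saving the configuration: if an L2TP/IPsec forwarding rule ever ends up on "interface address" instead of the Server NAT address, it competes with the firewall's own tunnel for UDP 500/4500 on x.y.z.1, which is the situation the second address is meant to avoid.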