Josh M. Hurd wrote:
> So if I have server NAT set up then monowall will listen to other IPs
> on the WAN interface? No second NIC needed?
True, no additional NICs are needed. Theoretically, you could have
several IPs on your WAN interface. But, you would be adding them one
The idea would be that the main WAN IP (assigned under
Interfaces/console) would be used for the IPSEC tunnel. And the Server
NAT IP would be used as the destination for the remote L2TP clients.
With something like this:
WAN (IP: x.y.z.1)
LAN (IP: 192.168.0.1)
OSX (IP: 192.168.0.2)
Add a Server NAT for x.y.z.2 (don't forget a good description). I
assume you have a subnet routed to you, if this is *NOT* the case you
may need Proxy ARP.
In the Inbound NAT you can select x.y.z.2 as the external address
(before you only had "interface address" as a choice) and select
192.168.0.2 as NAT address. Select the external and internal ports as
appropriate. I assume you know what ports to forward. Also, don't
forget to check auto-add the firewall rules...
When your remote L2TP clients connect they will connect to x.y.z.2 (not
There would be no changes to the IPSEC tunnel or other services NATed
to your server. (i.e. SMTP to x.y.z.1 can still go to 192.168.0.2)
James W. McKeand
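The following is an added example, not code from the thread or from m0n0wall: a small Python model of what the reply describes. It uses the documentation addresses 203.0.113.1 and 203.0.113.2 in place of x.y.z.1 and x.y.z.2, a constructed Inbound NAT table (L2TP on the Server NAT address, SMTP on the main WAN address) and a constructed connection-state table, to show that traffic to the Server NAT address is rewritten to 192.168.0.2, that replies are rewritten back to the external address the client used, and that packets to the main WAN IP with no NAT entry (the IPsec endpoint) are still delivered to the firewall itself.

```python
"""Model of m0n0wall-style Server NAT + Inbound NAT (added example, constructed values)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class InboundNatRule:
    external_ip: str      # WAN IP or a Server NAT address
    external_port: int
    proto: str
    nat_ip: str           # internal host
    nat_port: int
    auto_firewall_rule: bool = True   # the "auto-add the firewall rules" checkbox


class Firewall:
    def __init__(self, wan_ip, server_nat_ips, rules):
        self.wan_ip = wan_ip
        # Server NAT entries make the firewall answer for extra WAN-side IPs
        # (with a routed subnet; otherwise Proxy ARP would be needed).
        self.server_nat_ips = set(server_nat_ips)
        for r in rules:
            if r.external_ip != wan_ip and r.external_ip not in self.server_nat_ips:
                raise ValueError(f"{r.external_ip}: not the WAN IP and no Server NAT entry")
        self.rules = rules
        # (proto, client ip, client port, nat ip, nat port) -> (external ip, external port)
        self.state = {}

    def inbound(self, pkt):
        """Translate a WAN-side packet; returns (packet, action)."""
        if pkt.dst != self.wan_ip and pkt.dst not in self.server_nat_ips:
            return None, "not-for-us"
        for r in self.rules:
            if (pkt.dst, pkt.proto, pkt.dport) == (r.external_ip, r.proto, r.external_port):
                if not r.auto_firewall_rule:
                    # NAT entry without a matching pass rule: translated but dropped
                    return None, "blocked-no-firewall-rule"
                self.state[(pkt.proto, pkt.src, pkt.sport, r.nat_ip, r.nat_port)] = (
                    r.external_ip, r.external_port)
                return Packet(pkt.src, r.nat_ip, pkt.proto, pkt.sport, r.nat_port), "translated"
        # no NAT entry: handled by the firewall itself (e.g. the IPsec tunnel on the WAN IP)
        return pkt, "local-delivery"

    def outbound_reply(self, pkt):
        """Rewrite the internal host's reply back to the external address the client used."""
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state:
            ext_ip, ext_port = self.state[key]
            return Packet(ext_ip, pkt.dst, pkt.proto, ext_port, pkt.dport)
        return pkt


def build_example():
    """Constructed setup following the thread: WAN .1, Server NAT .2, server 192.168.0.2."""
    rules = [
        InboundNatRule("203.0.113.2", 1701, "udp", "192.168.0.2", 1701),  # L2TP via Server NAT IP
        InboundNatRule("203.0.113.1", 25, "tcp", "192.168.0.2", 25),      # SMTP still via WAN IP
    ]
    return Firewall("203.0.113.1", ["203.0.113.2"], rules)


if __name__ == "__main__":
    fw = build_example()
    l2tp = Packet("198.51.100.7", "203.0.113.2", "udp", 40000, 1701)
    print(fw.inbound(l2tp))
    print(fw.outbound_reply(Packet("192.168.0.2", "198.51.100.7", "udp", 1701, 40000)))
    print(fw.inbound(Packet("198.51.100.9", "203.0.113.1", "udp", 500, 500)))
```

Running it shows the L2TP packet arriving at 192.168.0.2, the reply leaving with source 203.0.113.2, and the IKE packet to the main WAN IP left untranslated for the firewall's own IPsec service.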