Thomas wrote:
> I currently have 2 public IP addresses: 195.215.1.10 and 195.215.1.11
>
> Both addresses are placed on the same "cable" from my host.
>
> Each public IP address has 2 servers connected to it:
>
> 195.215.1.10 port 80 --> 192.168.1.1
> 195.215.1.10 port 25 --> 192.168.1.2
> 195.215.1.10 port 110 --> 192.168.1.2
>
> 195.215.1.11 port 80 --> 192.168.1.3
> 195.215.1.11 port 25 --> 192.168.1.4
> 195.215.1.11 port 110 --> 192.168.1.4
>
> Today I have a router placed on each public IP address. The two
> routers WAN interface is connected to a switch where my hosts "cable"
> is also connected.

This is going to be a long one so let's get started with a diagram...

         [HOST SWITCH]
               |
  WAN (Static IP: 195.215.1.10)
               |
           m0n0wall
               |
  LAN (Static IP: 192.168.1.254)
             // \\
            HOSTS

Hosts are:
SV1 192.168.1.1
SV2 192.168.1.2
SV3 192.168.1.3
SV4 192.168.1.4

Assumptions: You did not supply the Subnet mask and Gateway for WAN, I
assume you have this information. LAN hosts will use the m0n0wall LAN IP
as Gateway. The default Subnet Mask on the m0n0wall is 255.255.255.0. I
also assume you are using the "Current" version (i.e. 1.11).

1) You should create Aliases for these Hosts, this will make NAT and
   firewall rule creation easier. (You can use real names not SVx - just
   substitute correct name in rules below)

2) Add the second public IP (195.215.1.11) to the Proxy ARP and to
   Server NAT with a description of "Second IP"

3) Create the following 6 Inbound NAT rules:

   1) Interface: WAN
      External address: Interface address
      Protocol: TCP
      External port range from: HTTP to: HTTP
      NAT IP: SV1
      Local port: HTTP
      Description: Web to SV1
      Check the "Auto-add a firewall rule" Check box

   2) Interface: WAN
      External address: Interface address
      Protocol: TCP
      External port range from: SMTP to: SMTP
      NAT IP: SV2
      Local port: SMTP
      Description: SMTP to SV2
      Check the "Auto-add a firewall rule" Check box

   3) Interface: WAN
      External address: Interface address
      Protocol: TCP
      External port range from: POP3 to: POP3
      NAT IP: SV2
      Local port: POP3
      Description: POP3 to SV2
      Check the "Auto-add a firewall rule" Check box

   4) Interface: WAN
      External address: 195.215.1.11 (Second IP)
      Protocol: TCP
      External port range from: HTTP to: HTTP
      NAT IP: SV3
      Local port: HTTP
      Description: Web to SV3
      Check the "Auto-add a firewall rule" Check box

   5) Interface: WAN
      External address: 195.215.1.11 (Second IP)
      Protocol: TCP
      External port range from: SMTP to: SMTP
      NAT IP: SV4
      Local port: SMTP
      Description: SMTP to SV4
      Check the "Auto-add a firewall rule" Check box

   6) Interface: WAN
      External address: 195.215.1.11 (Second IP)
      Protocol: TCP
      External port range from: POP3 to: POP3
      NAT IP: SV3
      Local port: POP3
      Description: POP3 to SV4
      Check the "Auto-add a firewall rule" Check box

Before the Server NAT is added there is *ONLY* "Interface Address" as a
choice in the External Address drop-down menu.

Blue field on Inbound NAT form (and anywhere else) means you can enter
an Alias. If you need to change the IP of a host, just edit the Alias...

_________________________________
James W. McKeand
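
Added example, not part of the original message and not m0n0wall code: a short Python check that compares the six Inbound NAT rules as listed above with the port mapping given in the question. Each rule also opens a WAN firewall rule, so a forward that lands on the wrong host is worth catching before it is applied. The data layout and the names audit, RULES and INTENDED are assumptions made for illustration.

```python
# Added example: audit port-forward rules against the intended mapping.
# Values are transcribed from the thread; the layout is an assumption.
ALIASES = {"SV1": "192.168.1.1", "SV2": "192.168.1.2",
           "SV3": "192.168.1.3", "SV4": "192.168.1.4"}
PORTS = {"HTTP": 80, "SMTP": 25, "POP3": 110}
WAN_IP = "195.215.1.10"      # "Interface address" on WAN
SECOND_IP = "195.215.1.11"   # the Proxy ARP / Server NAT address

# (external address, service, NAT IP alias, description), rules 1 to 6
RULES = [
    (WAN_IP, "HTTP", "SV1", "Web to SV1"),
    (WAN_IP, "SMTP", "SV2", "SMTP to SV2"),
    (WAN_IP, "POP3", "SV2", "POP3 to SV2"),
    (SECOND_IP, "HTTP", "SV3", "Web to SV3"),
    (SECOND_IP, "SMTP", "SV4", "SMTP to SV4"),
    (SECOND_IP, "POP3", "SV3", "POP3 to SV4"),
]

# Mapping stated in the question: (public IP, port) -> internal host
INTENDED = {
    (WAN_IP, 80): "192.168.1.1", (WAN_IP, 25): "192.168.1.2",
    (WAN_IP, 110): "192.168.1.2", (SECOND_IP, 80): "192.168.1.3",
    (SECOND_IP, 25): "192.168.1.4", (SECOND_IP, 110): "192.168.1.4",
}

def audit(rules, intended, aliases=ALIASES, ports=PORTS):
    """Return sorted (kind, (ip, port), description) findings."""
    findings, seen = [], {}
    for ext, svc, alias, descr in rules:
        key, target = (ext, ports[svc]), aliases[alias]
        if key in seen:                    # two rules claim one socket
            findings.append(("duplicate", key, descr))
        seen[key] = target
        if key not in intended:            # port opened that nobody asked for
            findings.append(("unexpected-exposure", key, descr))
        elif intended[key] != target:      # traffic reaches the wrong server
            findings.append(("wrong-target", key, descr))
        if alias not in descr:             # label disagrees with NAT IP
            findings.append(("description-mismatch", key, descr))
    for key in intended.keys() - seen.keys():
        findings.append(("missing", key, ""))
    return sorted(findings)

if __name__ == "__main__":
    for kind, (ip, port), descr in audit(RULES, INTENDED):
        print(f"{kind}: {ip}:{port} {descr}")
```
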