On Fri, 11 Feb 2005 03:35:28 +0800, Onkar Joshi <onkar dot zoshi at gmail dot com> wrote:
> I am the system administrator of this small company with 40 users. We
> host our own email and web server. I only have a basic understanding
> of networking.
> We currently use a 3com Officeconnect firewall, and I want to give the
> monowall a spin, and hopefully switch to it.
> My company has two ip address ranges from our ISP, 126.96.36.199 to
> 188.8.131.52 and 184.108.40.206 to 220.127.116.11.
> Currently, our router has ip 18.104.22.168 and the WAN interface of
> our 3com firewall has the address 22.214.171.124
> The LAN interface has the ip 126.96.36.199.
> The DHCP server on our LAN gives out ips in the range 188.8.131.52 to
> 184.108.40.206, with netmask 255.255.255.0 instead of 255.255.255.240,
> excluding the actual public ips given to us by the ISP. Our email
> server and our web server are given these ips.
> Now, when I set up the 3com firewall, I set it up to have a 1:1 NAT
> from 220.127.116.11(16) -> 18.104.22.168(16)

1:1 NAT'ing public to public isn't the appropriate way to set this up.
You need to:

- set m0n0wall's LAN IP to a public IP within your LAN subnet
- set your LAN hosts to use that LAN IP as their default gateway
- under Firewall -> NAT, Outbound tab, check the "Enable advanced NAT"
  box, and hit Save.

Then everything should work fine. To ensure none of the remnants of
your existing configuration bite you while trying to get this working,
I'd strongly suggest resetting the configuration to factory defaults
and starting the configuration over from scratch.
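
An added example, not part of the original thread: a Python check of a routed (no-NAT) address plan against the first two steps of the reply, which also flags the 255.255.255.0 versus 255.255.255.240 netmask mismatch mentioned in the question. The function name is hypothetical and the addresses are constructed from the RFC 5737 documentation range, not taken from the poster's network.

```python
import ipaddress

def check_routed_lan(lan_subnet, firewall_lan_ip, hosts):
    """Return findings for a routed public LAN behind the firewall.

    hosts is an iterable of (name, ip, netmask, default_gateway).
    """
    net = ipaddress.ip_network(lan_subnet)
    fw = ipaddress.ip_address(firewall_lan_ip)
    findings = []
    # Step 1: the firewall's LAN IP must be a usable address in the LAN subnet.
    if fw not in net or fw in (net.network_address, net.broadcast_address):
        findings.append(f"firewall LAN IP {fw} is not a usable address in {net}")
    for name, ip, mask, gateway in hosts:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        if iface.ip not in net:
            findings.append(f"{name}: {iface.ip} is outside {net}")
            continue
        # Step 2: every LAN host uses the firewall's LAN IP as default gateway.
        if ipaddress.ip_address(gateway) != fw:
            findings.append(f"{name}: gateway {gateway} is not the firewall LAN IP {fw}")
        # A mask wider than the routed block makes the host treat addresses
        # outside the block as on-link, so it ARPs for them instead of
        # sending the traffic to the firewall.
        if iface.network != net:
            findings.append(f"{name}: netmask {mask} yields {iface.network}, expected {net}")
    return findings

# Constructed sample plan (documentation addresses).
LAN_SUBNET = "203.0.113.16/28"
FIREWALL_LAN_IP = "203.0.113.17"
HOSTS = [
    ("mail", "203.0.113.18", "255.255.255.240", "203.0.113.17"),
    ("web", "203.0.113.19", "255.255.255.0", "203.0.113.17"),
    ("pc", "203.0.113.20", "255.255.255.240", "203.0.113.1"),
]

if __name__ == "__main__":
    for finding in check_routed_lan(LAN_SUBNET, FIREWALL_LAN_IP, HOSTS):
        print(finding)
```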