[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Onkar Joshi <onkar dot zoshi at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Trying out monowall
 Date:  Thu, 10 Feb 2005 15:18:25 -0500
On Fri, 11 Feb 2005 03:35:28 +0800, Onkar Joshi <onkar dot zoshi at gmail dot com> wrote:
> Hello,
> I am the system administrator of this small company with 40 users. We
> host our own email and web server. I only have a basic understanding
> of networking.
> We currently use a 3com Officeconnect firewall, and I want to give the
> monowall a spin, and hopefully switch to it.
> My company has two ip addresses ranges from our ISP, to
> and to
> Currently, our router has ip and the WAN interface of
> our 3com firewall has the address
> The LAN interface has the ip
> The DHCP server on our LAN gives out ips in the range to
>, with netmask instead of,
> excluding the actual public ips given to us by the ISP. Our email
> server and our web server are given these ips.
> now, when I set up the 3com firewall, I set it up to have a 1:1 NAT
> from ->

1:1 NAT'ing public to public isn't the appropriate way to set this up.  

You need to: 

- set m0n0wall's LAN IP to a public IP within your LAN subnet
- set your LAN hosts to use that LAN IP as their default gateway
- under Firewall -> NAT, Outbound tab, check the "Enable advanced NAT"
box, and hit Save.

Then everything should work fine.  To ensure none of the remnants of
your existing configuration bite you while trying to get this working,
I'd strongly suggest resetting the configuration to factory defaults
and starting the configuration over from scratch.