On Fri, 11 Feb 2005 03:35:28 +0800, Onkar Joshi <onkar dot zoshi at gmail dot com> wrote:
> I am the system administrator of this small company with 40 users. We
> host our own email and web server. I only have a basic understanding
> of networking.
> We currently use a 3Com OfficeConnect firewall, and I want to give the
> m0n0wall a spin, and hopefully switch to it.
> My company has two IP address ranges from our ISP, 220.127.116.11 to
> 18.104.22.168 and 22.214.171.124 to 126.96.36.199.
> Currently, our router has IP 188.8.131.52 and the WAN interface of
> our 3Com firewall has the address 184.108.40.206.
> The LAN interface has the IP 220.127.116.11.
> The DHCP server on our LAN gives out IPs in the range 18.104.22.168 to
> 22.214.171.124, with netmask 255.255.255.0 instead of 255.255.255.240,
> excluding the actual public IPs given to us by the ISP. Our email
> server and our web server are given these IPs.
> Now, when I set up the 3Com firewall, I set it up to have a 1:1 NAT
> from 126.96.36.199(16) -> 188.8.131.52(16)

1:1 NAT'ing public to public isn't the appropriate way to set this up.
You need to:
- set m0n0wall's LAN IP to a public IP within your LAN subnet
- set your LAN hosts to use that LAN IP as their default gateway
- under Firewall -> NAT, Outbound tab, check the "Enable advanced NAT"
box, and hit Save.
Then everything should work fine. To ensure none of the remnants of
your existing configuration bite you while trying to get this working,
I'd strongly suggest resetting the configuration to factory defaults
and starting the configuration over from scratch.