I am still trying to work through this so if something doesn't make
sense, it's either because I'm not sure or I didn't do a good job of
I would like to use introduce m0n0wall into our network as a second
layer of physical defense. We have a group of public servers, web and
email. We have a public subnet range of 14 useable IP's. We are not
using all of them currently.
Existing public access is gained by NAT'ing Public IP's to
non-routeable Private IP's for a given server and limiting the
Protocol used for public access. Once I figure out some of the pieces
I need to forward inbound requests, I will probably re-work the
The Cisco Border Router is configured as such:
>>> EXISTING Config:
xx.43.154.230 / 255.255.255.252
xx.43.155.33 / 255.255.255.240
192.168.222.1 / 255.255.255.0 secondary
ip nat inside source static 192.168.222.18 xx.43.155.45
ip nat inside source static 192.168.222.2 xx.43.155.43
ip nat inside source static 192.168.222.40 xx.43.155.41
ip nat inside source static 192.168.222.9 xx.43.155.39
-- REMARK Reflexive ACL applied to s0 interface
ip access-list extended InboundFilters
permit tcp any host xx.43.155.45 eq smtp
permit tcp any host xx.43.155.45 eq pop3
permit tcp any host xx.43.155.45 eq 32000
Where I'd like to go.
>>> NEW Config:
Router (s0.744) x.43.154.230
Router (e0) x.43.155.33
Firewall (e1) x.43.155.46 (???)
Firewall (e0) 192.168.222.1
- Need to route incoming requests to public servers behind firewall.
- NAT overload question. currently, the LAN uses a NAT overload
(sharing one Public IP) for outbound traffic.
- Allow outbound only passive ftp from LAN hosts to remote FTP servers
1. I am not sure how to route specific IPs to the LAN side of m0n0wall.
2. How would you configure the router to forward requests for hosts on
3. I am very confused by 1:1 vs NAT Server
4. I have tried to use the doc's to help understand this but must be
having a brain-fart.
This is a real business project for me. I would be glad to help create
a real-world "HOW-TO" for the documentation project. My particular
topology I would assume is pretty common for small businesses.