 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Don Munyak <don dot munyak at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] help with FW behind router
 Date:  Tue, 15 Mar 2005 20:52:38 -0500
On Tue, 15 Mar 2005 15:59:00 -0500, Don Munyak <don dot munyak at gmail dot com> wrote:
> Chris,
> 
> I configured Firewall:NAT 1:1 as you suggested.
> 
> interface | ext-IP | int-IP | desc
> WAN | aa.43.155.34/32 | 192.168.1.10 | www
> WAN | aa.43.155.35/32 | 192.168.1.11 | www
> WAN | aa.43.155.36/32 | 192.168.1.12 | mail
> 
> Each private IP is a separate box.
> 

Looks fine.  


> Now on the Firewall:Rules tab, should I set up:
> 
> WAN interface
> proto | source | port | dest | port | desc
> tcp | any | 80 | aa.43.a55.34 | 80 | www server
> tcp | any | 80 | aa.43.a55.35 | 80 | www server
> tcp | any | 25 | aa.43.a55.36 | 25 | smtp
> tcp | any | 110 | aa.43.a55.36 | 110 | pop3
> 

Source port needs to be any, not 80 or 110.  Source is not the same as
destination port.


> 
> LAN Interface
> proto | source | port | dest | port | desc
> tcp | aa.43.a55.34 | 80 | 192.168.1.34 | 80 | www server
> tcp | aa.43.a55.35 | 80 | 192.168.1.35 | 80 | www server
> tcp | aa.43.a55.36 | 25 | 192.168.1.36 | 25 | smtp
> tcp | aa.43.a55.36 | 110 | 192.168.1.36 | 110 | pop3
> 

Those are all unnecessary.  


> I also added a third NIC for a DMZ to move the servers eventually.
> 
> I read the link to the doc page and tried to follow along, but I am
> still a little fuzzy on which interface to add the rules.
> 

Rules are always applied to the interface the traffic will be coming
into, in this case the WAN.

> If this is a little unclear, I can email you my config.xml
> 

If what I said above doesn't help, that might help.  

-Chris
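
The two points in the reply (source port "any", and rules bound to the interface the traffic enters on) can be seen in a small first-match rule evaluator. This is an added example, not part of the original message and not m0n0wall code; the addresses are constructed documentation ranges, and the `Packet`, `Rule` and `evaluate` names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    iface: str
    proto: str
    sport: Optional[int]   # None means "any"
    dst: str
    dport: int
    desc: str

def evaluate(rules, pkt):
    """First matching pass rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if (r.iface == pkt.iface and r.proto == pkt.proto
                and r.sport in (None, pkt.sport)
                and r.dst == pkt.dst and r.dport == pkt.dport):
            return "pass: " + r.desc
    return "block"

# Constructed addresses (RFC 5737 documentation ranges), not the ones in the thread.
WWW, MAIL, CLIENT = "203.0.113.34", "203.0.113.36", "198.51.100.7"

# Rules as first proposed: source port pinned to the service port.
proposed = [
    Rule("wan", "tcp", 80, WWW, 80, "www server"),
    Rule("wan", "tcp", 25, MAIL, 25, "smtp"),
    Rule("wan", "tcp", 110, MAIL, 110, "pop3"),
]
# Same rules with source port "any", as the reply recommends.
corrected = [Rule(r.iface, r.proto, None, r.dst, r.dport, r.desc) for r in proposed]

# A browser connects from an ephemeral source port to destination port 80.
http_syn = Packet("wan", "tcp", CLIENT, 49152, WWW, 80)
# A connection to a port with no pass rule stays blocked either way.
ssh_syn = Packet("wan", "tcp", CLIENT, 49153, WWW, 22)

if __name__ == "__main__":
    for name, rules in (("proposed", proposed), ("corrected", corrected)):
        print(name, evaluate(rules, http_syn), evaluate(rules, ssh_syn))
```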