|
||||||||||
Thanks I think I understand now. - Don On Tue, 15 Mar 2005 20:52:38 -0500, Chris Buechler <cbuechler at gmail dot com> wrote: > On Tue, 15 Mar 2005 15:59:00 -0500, Don Munyak <don dot munyak at gmail dot com> wrote: > > Chris, > > > > I configure Firewall:NAT 1:1 as you suggested. > > > > interface | ext-IP | int-IP | desc > > WAN | aa.43.155.34/32 | 192.168.1.10 | www > > WAN | aa.43.155.35/32 | 192.168.1.11 | www > > WAN | aa.43.155.36/32 | 192.168.1.12 | mail > > > > Each private IP is a separate box. > > > > Looks fine. > > > > Now on the Firewall:Rules tab, should I set up: > > > > WAN interface > > proto | source | port | dest | port | desc > > tcp | any | 80 | aa.43.a55.34 | 80 | www server > > tcp | any | 80 | aa.43.a55.35 | 80 | www server > > tcp | any | 25 | aa.43.a55.36 | 25 | smtp > > tcp | any | 110 | aa.43.a55.36 | 110 | pop3 > > > > Source port needs to be any, not 80 or 110. Source is not the same as > destination port. > > > > > > LAN Interface > > proto | source | port | dest | port | desc > > tcp | aa.43.a55.34 | 80 | 192.168.1.34 | 80 | www server > > tcp | aa.43.a55.35 | 80 | 192.168.1.35 | 80 | www server > > tcp | aa.43.a55.36 | 25 | 192.168.1.36 | 25 | smtp > > tcp | aa.43.a55.36 | 110 | 192.168.1.36 | 110 | pop3 > > > > Those are all unnecessary. > > > > I also added a third NIC for a DMZ to move the servers eventually. > > > > I read the link to the doc page and tried to follow along, but I am > > still a little fuzzy on which interface to add the rules. > > > > Rules are always applied to the interface the traffic will be coming > into, in this case the WAN. > > > If this is a little unclear, I can email you my config.xml > > > > If what I said above doesn't help, that might help. > > -Chris > |