[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Allan Mogensen <allan at 1966 dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ and public ip problem
 Date:  Tue, 15 Mar 2005 23:28:50 -0500
On Fri, 11 Mar 2005 11:27:31 +0100, Allan Mogensen <allan at 1966 dot dk> wrote:
> 
> However i cannot figure out the way to configure the DMZ with public ip's on
> the m0n0 FW..
> 

You can use 1:1 or Server NAT, but you can also use public IP's on
your DMZ segment.


> My current ip setup:
> WAN: 80.132.160.246 (Static IP from ISP)
> GW: 80.132.160.245
> 
> DMZ: 83.90.91.240/28 (assigned from ISP) - i'm not 100% sure, but my guess
> is that the ISP routes all traffic to my static IP..
> 
> LAN: 192.168.1.0/24
> 
> In my current firewall the DMZ setup is configured like this:
> DMZ I/F in firewall: 83.90.91.241 (which is also default gateway for DMZ
> machines)
> 
> I have replicated this setup to M0n0:
> DMZ I/F IP: 83.90.91.240/28
> By browsing the doc's i found that i need to Enable Advanced Outbound NAT in
> order to disable NAT for the DMZ
> 
> Nothing is changed on the DMZ machines, default gateway is still
> 83.90.91.241
> 

The gateway on the DMZ machines needs to be the same as the IP on the
m0n0wall DMZ interface, so the m0n0wall DMZ interface needs to be
.241.  Sounds like you have it as .240.  Sounds like you did
everything else fine.

-Chris