On Friday, March 18, 2005, at 02:58 AM, Vincent Fleuranceau wrote:
> Paul,
>
> Does it work now?
Interesting that you should ask. We just had our networking
contractor in this afternoon to help set it up. He banged his
head on it for long enough to make me feel as though it wasn't
just me. (He's the one who suggested that we go with m0n0wall
and the Soekris net4501; he's using m0n0wall at home.)
Finally, he had the idea to try setting Proxy ARP,
and what do you know, that worked. I had assumed that since
I saw nothing in the PIX firewall printout related to that,
I wouldn't have to play with it. Turns out that the PIX
does things differently by using
    static (inside, outside) aaa.bbb.ccc.240 ...

Here's what we ended up with, just for the archives:

Server NAT
    aaa.bbb.ccc.240 | LIMS 1
    aaa.bbb.ccc.242 | LIMS 2

Inbound
    WAN | TCP | 80 (HTTP) | xxx.yyy.zzz.20 (ext.: aaa.bbb.ccc.240) | 80 (HTTP) | Web Access to LIMS 1
    WAN | TCP | 80 (HTTP) | xxx.yyy.zzz.18 (ext.: aaa.bbb.ccc.242) | 80 (HTTP) | Web Access to LIMS 2

Rules
    TCP * * xxx.yyy.zzz.20 80 (HTTP) NAT Web Access to LIMS 1
    TCP * * xxx.yyy.zzz.18 80 (HTTP) NAT Web Access to LIMS 2

Proxy ARP
    Network : aaa.bbb.ccc.238-aaa.bbb.ccc.244

(We actually have more servers listening on other ports, as
evidenced by the range. However, in my initial message, I wanted
to strip things down to the bare minimum setup, i.e., with just
two HTTP servers.)
Thanks for following up.
Paul Furbacher
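
Added example, not part of the original message: a small Python check for the failure described above, where Server NAT external addresses have no Proxy ARP entry answering for them on the WAN side. It also lists addresses a Proxy ARP range answers for without any Server NAT mapping, which is worth reviewing when a range is wider than the set of published servers. The function names are hypothetical and the 203.0.113.x addresses are constructed stand-ins for the masked aaa.bbb.ccc.x ones.

```python
import ipaddress

def parse_proxy_arp(entry):
    """Return (first, last) for 'a.b.c.d', 'a.b.c.d/nn' or 'a.b.c.d-a.b.c.e'."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed range: {entry}")
        return lo, hi
    net = ipaddress.IPv4Network(entry, strict=False)
    return net[0], net[-1]

def uncovered(server_nat, proxy_arp):
    """Server NAT external addresses that no Proxy ARP entry covers."""
    spans = [parse_proxy_arp(e) for e in proxy_arp]
    return [(ip, descr) for ip, descr in server_nat
            if not any(lo <= ipaddress.IPv4Address(ip) <= hi for lo, hi in spans)]

def unmapped(server_nat, proxy_arp):
    """Addresses answered via Proxy ARP that have no Server NAT mapping."""
    used = {ipaddress.IPv4Address(ip) for ip, _ in server_nat}
    spare = []
    for lo, hi in map(parse_proxy_arp, proxy_arp):
        for n in range(int(lo), int(hi) + 1):
            addr = ipaddress.IPv4Address(n)
            if addr not in used:
                spare.append(str(addr))
    return spare

# Constructed sample data mirroring the layout of the posted configuration.
SERVER_NAT = [("203.0.113.240", "LIMS 1"), ("203.0.113.242", "LIMS 2")]
PROXY_ARP_BEFORE = []                                  # no Proxy ARP entry yet
PROXY_ARP_AFTER = ["203.0.113.238-203.0.113.244"]      # range form, as posted

if __name__ == "__main__":
    for label, arp in (("before", PROXY_ARP_BEFORE), ("after", PROXY_ARP_AFTER)):
        print(label, "uncovered:", uncovered(SERVER_NAT, arp))
        print(label, "unmapped: ", unmapped(SERVER_NAT, arp))
```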