[ previous ] [ next ] [ threads ]
 From:  Raphael Maunier <raphael at maunier dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  Maarten Poell <maarten dot poell at gmail dot com>
 Subject:  Re: [m0n0wall] Hardware Nexcom NSA 1030I-1, will it run?
 Date:  Sat, 09 Apr 2005 12:18:43 +0200
Maarten Poell wrote:


>The subnet's are from one operator.
>Both of the subnets will be routed to m0n0wall.
>So I want the wan ip adress to listen to both subnets (like ip aliasing)

If you want Monowall to answer all request from the net you have to 
setup nat and probably use One-2-one nat.
If you want to setup ips diretly on all station, you have to disable nat.
You can also setup one subnet for 1 interface for the DMZ without nat, 
and use RFC1918 ips on the lan interface and use one2one nat for 
specific servers/admin station on your lan side.

>Then I want to setup per ip the different firewall rules.
For incoming rules.. With nat, outgoing rules will also work

>So I think I don't need any NAT because these public ip adresses are routable.
nope, but if it's for internet basic usage, you should use nat, and only 
for specific application, use public ips

>But I will test it when I ordered the hardware.
That's will be a good start :)