Maarten Poell wrote:

>Raphael,
>

Maarten,

>The subnets are from one operator.
>Both of the subnets will be routed to m0n0wall.
>So I want the wan ip address to listen to both subnets (like ip aliasing)
>

If you want Monowall to answer all requests from the net you have to set up nat and probably use One-2-one nat. If you want to set up ips directly on all stations, you have to disable nat. You can also set up one subnet for 1 interface for the DMZ without nat, and use RFC1918 ips on the lan interface and use one2one nat for specific servers/admin stations on your lan side.

>Then I want to setup per ip the different firewall rules.
>

For incoming rules.. With nat, outgoing rules will also work

>So I think I don't need any NAT because these public ip addresses are routable.
>

nope, but if it's for internet basic usage, you should use nat, and only for specific applications, use public ips

>But I will test it when I ordered the hardware.
>

That will be a good start :)

Raphaël