Re: [m0n0wall] NAT with public IP adresses

From:	"Christopher M. Iarocci" <iarocci at eastendsc dot com>
To:	Andreas <a dot breuer at gmx dot de>
Cc:	"m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] NAT with public IP adresses
Date:	Wed, 10 Dec 2003 16:14:07 -0500

Andreas wrote:

>hi there,
>
>i want to connect some internal servers to the internet with nat.
>
>if i use the 1:1 nat i can't map the destination port of the destionation server.
>i try to use the inbound nat but it seems to work at the wan ip of m0n0wall only.
>i'm confused about that, are there some gaps in my knowledge about who m0n0wall works.
>
>what happend if i connect m0n0wall an another computer at the same time to my router (of course,
there's a switch between). 
>can i use 4 ip's with m0n0wall and 1 with the other computer or has m0n0wall to be the only
computer between my lan and the router?
>
>
>
>  
>
m0n0wall IS a router.  You wouldn't put it behind another router, that 
would be silly unless that router has a public Subnet on the LAN side of 
it, in which case, then yes, you could do that.  Of course, that would 
leave the computer you are speaking about on a public IP, totally 
unprotected.  In which case, I'd recommend putting them all behind 
m0n0wall.  1:1 Nat seems to be what you want though if you can assign 
the public IPs directly to the m0n0wall.  I think once you do 1:1 Nat, 
there is no reason to map ports, only enter firewall rules to allow the 
traffic because if you map 1:1 Nat, you're already telling m0n0wall to 
map all ports from public IP #1 to private IP #1.

Chris