Daniel Foster wrote:
> Hi,
>
> I'm trying to set up m0n0wall to protect webservers in a colo facility. We have a /24 subnet routed to us over a /30 link. My plan was to assign an IP on the /30 to the EXT interface, and then put the /24 on the OPT1 interface (and not use the LAN interface apart from initial config and perhaps SNMP), and have m0n0wall do the routing. We have it set up like this currently with Watchguard Fireboxes, but we're having various problems with them so I'd like to switch to m0n0 if possible.
>
> Is the above possible without doing 1:1 NAT and having to give the webservers private IPs?
>
> This setup is slightly different to the example in the documentation - we don't want m0n0 doing proxy ARP sat on the same subnet as the webservers - it needs to have the whole of the /24 on the OPT1 interface.
>
> I've tried to do this in a test environment in our office but it doesn't seem to be working properly - it could be because I'm simulating it with private IPs.
>

I think you only have to disable NAT, by activating advanced NAT and not putting any NAT rules. Then put firewall rules to allow traffic you want.

> Any help would be most appreciated.
>
> Kind Regards,
> Dan Foster