 From:  Ugo Bellavance <ugob at camo dash route dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Public webservers behind monowall
 Date:  Fri, 03 Jun 2005 09:03:44 -0400
Daniel Foster wrote:
> Hi,
>  
> I'm trying to set up m0n0wall to protect webservers in a colo facility.  We have a /24 subnet
> routed to us over a /30 link.  My plan was to assign an IP on the /30 to the EXT interface, and then
> put the /24 on the OPT1 interface, (and not use the LAN interface apart from initial config and
> perhaps SNMP) and have m0n0wall do the routing.  We have it set up like this currently with
> Watchguard Fireboxes, but we're having various problems with them so I'd like to switch to m0n0 if
> possible.
>  
> Is the above possible without doing 1:1 NAT and having to give the webservers private IPs?
>  
> This setup is slightly different to the example in the documentation - we don't want m0n0 doing
> proxy arp sat on the same subnet as the webservers - it needs to have the whole of the /24 on the
> OPT1 interface
>  
> I've tried to do this in a test environment in our office but it doesn't seem to be working
> properly - it could be because I'm simulating it with private IPs.
>  

I think you only have to disable NAT, by activating advanced NAT and not
putting any NAT rules.  Then put firewall rules to allow traffic you want.

> Any help would be most appreciated.
>  
> Kind Regards,
> Dan Foster
>