 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  Kamil dot Wencel at hvbpensionsfonds dot de
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: AW: AW: AW: [m0n0wall] How many ports?
 Date:  Thu, 9 Jun 2005 21:11:08 +0100
Kamil,

In message
<CE66087981B7CF42A1A76F094291D6AD047C35 at exchange dot intern dot hvb-pensionsfonds
.de>, Kamil dot Wencel at hvbpensionsfonds dot de writes
>If I understood former discussions correctly I cannot use filtered
>bridge mode because I would never again be
>able to connect to my DMZ hosts from my LAN. How am I supposed to set
>up something like that?
>For testing purposes I set up something like that and tried to use 1:1
>NAT to reach a DMZ box via ssh.
>But it did not work out. Any ideas would be greatly appreciated.
No.  You can certainly connect to devices on an OPT interface bridged to
the WAN.

I have a SIP server on OPT1, bridged to WAN.  That way my internal
clients and my SIP peers can communicate with my SIP server without any
form of NAT being involved.

I have had this set up for a couple of months without any problems.

Just bridge OPT1 with the WAN, and start using your valid external IP
addresses on OPT1 (remembering that your default gateway will be
m0n0wall's _WAN_ IP address !!!) and don't forget to set 'Enable
filtering bridge' and add the appropriate rules as needed.  You'll also
need to set 'Enable advanced outbound NAT' so that your LAN clients
don't get NAT'd on their way to OPT1.

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   neil at dana dot org dot uk
                               Web:      http://www.dana.org.uk/