Re: [m0n0wall] FW: Public webservers behind monowall

From:	Dmitry Sorokin <dimon at intellinet dot ca>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] FW: Public webservers behind monowall
Date:	Wed, 22 Jun 2005 21:46:53 -0600

Quoting Chris Buechler <cbuechler at gmail dot com>:

> On 6/3/05, Daniel Foster <dan at melbourne dot co dot uk> wrote:
> >
> > Hi,
> >
> > I thought someone was going to come back and say that!
> >
> > Its *not* filtered bridge that I want, I need the subnet on OPT1 to be
> different to the subnet on EXT, I hope my initial question explained that?
> >
> 
> Just set it up exactly the same way you'd set up an interface with
> private IP's, except enable advanced outbound NAT so everything
> outbound doesn't get NAT'ed.
> 
> Or, if you want, leave a private subnet on the OPT1 side and 1:1 NAT
> it.  It'd be less trouble to leave public IP's on OPT1, so you don't
> have to put in a bunch of 1:1.
> 

Hi,

Is there any way to do the same thing that Daniel asked, but also with NAT'ed 
LAN interface with private addresses? Basically I have one public static IP 
address for WAN interface (XXX.XXX.XXX.134), I have public XXX.XXX.YYY.32/29 
subnet for hosting web and mail server (would be an OPT1 interface), and I have 
LAN subnet for office workstations. I want mail and web servers to be 
accessible from both outside and from LAN. Can that be done without using 1:1?
Right now I have FreeBSD machine doing all that with no problems, but I really 
like m0n0wall's WebGUI for VPN stuff.
Thanks for a good product again.

Best regards,
Dmitry

Spam detection software, running on the system "intellinet.ca", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  The office of Director of Integrated Finance Bank of
  Scotland Head office The Mound Edinburgh EH1 1YZ United Kingdom. 23
  June, 2005. For your kind attention, Request for an urgent
  assistance/investment cum joint venture. [...] 

Content analysis details:   (10.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.9 FROM_ENDS_IN_NUMS      From: ends in numbers
 0.8 URGENT_BIZ             BODY: Contains urgent matter
 1.6 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence between 51 and 100
                            [cf:  60]
 1.1 MAILTO_TO_SPAM_ADDR    URI: Includes a link to a likely spammer email
 0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.8 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?80.179.243.2>]
 0.8 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
                            [80.179.243.2 listed in sbl-xbl.spamhaus.org]