On 6/22/05, Dmitry Sorokin <dimon at intellinet dot ca> wrote:
> > Just set it up exactly the same way you'd set up an interface with
> > private IPs, except enable advanced outbound NAT so everything
> > outbound doesn't get NAT'ed.
> > Or, if you want, leave a private subnet on the OPT1 side and 1:1 NAT
> > it. It'd be less trouble to leave public IPs on OPT1, so you don't
> > have to put in a bunch of 1:1.
> Is there any way to do the same thing that Daniel asked, but also with a NAT'ed
> LAN interface with private addresses? Basically I have one public static IP
> address for the WAN interface (XXX.XXX.XXX.134), I have a public XXX.XXX.YYY.32/29
> subnet for hosting web and mail servers (would be an OPT1 interface), and I have
> a LAN subnet for office workstations. I want mail and web servers to be
> accessible from both outside and from LAN. Can that be done without using 1:1?
Yeah, just enable advanced outbound NAT (so the public IP hosts'
return traffic doesn't get NAT'ed, which will break everything) and
add a NAT rule for any interfaces with private IP subnets so they do
get NAT'ed. Assign the OPT interface with one of those public IPs,
and set up the other systems with public IPs with that OPT IP as their
gateway. Configure the firewall rules as you desire on OPT and WAN,
and it should all work.
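
The layout described in this thread can be sanity-checked with a short script. This is an added example, not part of the original emails or of any firewall's own code: it models outbound NAT rules as a list of source subnets and flags a private subnet with no rule or a public subnet that a rule would translate. The addresses are constructed from documentation ranges standing in for the masked ones, and the function names and catch-all rule are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: sources in these must be translated before leaving WAN.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    return any(net.subnet_of(p) for p in RFC1918)

def audit_outbound_nat(interfaces, nat_sources):
    """interfaces: {name: CIDR}; nat_sources: source CIDRs NAT'ed on WAN.
    Returns a list of (interface, problem) tuples, empty when consistent."""
    rules = [ipaddress.ip_network(s) for s in nat_sources]
    findings = []
    for name, cidr in sorted(interfaces.items()):
        net = ipaddress.ip_network(cidr)
        if is_rfc1918(net) and not any(net.subnet_of(r) for r in rules):
            findings.append((name, "private subnet lacks an outbound NAT rule"))
        if not is_rfc1918(net) and any(net.overlaps(r) for r in rules):
            findings.append((name, "public subnet matches an outbound NAT rule"))
    return findings

def source_seen_on_wan(src, nat_sources, wan_ip):
    """Source address a packet from src carries once it leaves WAN."""
    addr = ipaddress.ip_address(src)
    if any(addr in ipaddress.ip_network(s) for s in nat_sources):
        return wan_ip          # translated to the WAN address
    return src                 # routed untouched

# Constructed sample data (documentation ranges, hypothetical layout).
INTERFACES = {"lan": "192.168.1.0/24", "opt1": "198.51.100.32/29"}
WAN_IP = "203.0.113.134"
LAN_ONLY = ["192.168.1.0/24"]   # rule for the private subnet only
CATCH_ALL = ["0.0.0.0/0"]       # models "everything outbound gets NAT'ed"

if __name__ == "__main__":
    for label, rules in (("LAN-only rule", LAN_ONLY), ("catch-all", CATCH_ALL)):
        print(label, audit_outbound_nat(INTERFACES, rules))
        for host in ("192.168.1.10", "198.51.100.34"):
            print("  ", host, "->", source_seen_on_wan(host, rules, WAN_IP))
```
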