|
||||||||||
Chris, What do you mean "add a NAT rule for any interfaces with private IP subnets so they do get NAT'ed" ? How would this be done? sai On 6/23/05, Chris Buechler <cbuechler at gmail dot com> wrote: > On 6/22/05, Dmitry Sorokin <dimon at intellinet dot ca> wrote: > > > > > > Just set it up exactly the same way you'd set up an interface with > > > private IP's, except enable advanced outbound NAT so everything > > > outbound doesn't get NAT'ed. > > > > > > Or, if you want, leave a private subnet on the OPT1 side and 1:1 NAT > > > it. It'd be less trouble to leave public IP's on OPT1, so you don't > > > have to put in a bunch of 1:1. > > > > > > > Hi, > > > > Is there any way to do the same thing that Daniel asked, but also with > NAT'ed > > LAN interface with private addresses? Basically I have one public static > IP > > address for WAN interface (XXX.XXX.XXX.134), I have public > XXX.XXX.YYY.32/29 > > subnet for hosting web and mail server (would be an OPT1 interface), and I > have > > LAN subnet for office workstations. I want mail and web servers to be > > accessible from both outside and from LAN. Can that be done without using > 1:1? > > Yeah, just enable advanced outbound NAT (so the public IP hosts' > return traffic doesn't get NAT'ed, which will break everything) and > add a NAT rule for any interfaces with private IP subnets so they do > get NAT'ed. Assign the OPT interface with one of those public IP's, > and setup the other systems with public IP's with that OPT IP as their > gateway. Configure the firewall rules as you desire on OPT and WAN, > and it should all work. > > -Chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > |