[ previous ] [ next ] [ threads ]
 
 From:  "Michael Lester" <mlester at fastrans dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Yet another question about multiple IPs on WAN
 Date:  Thu, 30 Jun 2005 14:18:11 -0500 
All:
 
I have read the archives, and I know this has been brought up several
times before, but please hear me out.  The general attitude seems to be
that you should never need to have multiple IPs assigned to your WAN
interface and that it can always be done through NAT in some way
(mentioned at http://m0n0.ch/wall/docbook/faq-ipalias.html).  I don't
know if my case is special, or if I'm just not understanding something.
 
Our network consists of xx.xx.152.0 - xx.xx.155.255.  My upstream
provider has a Cisco router at xx.xx.152.1.  This will be my m0n0 box's
default gateway.  The old network setup used two linux firewalls (one
for internal, one for DMZ).  The upstream Cisco splits incoming traffic
between the two firewalls.  It routes some traffic to xx.xx.152.2 and
some to xx.xx.152.3.  If I set my m0n0 box's WAN ip to be xx.xx.152.2, I
lose all the traffic routed to xx.xx.152.3.  
 
I need m0n0 to recognize traffic that comes in on either xx.xx.152.2 or
xx.xx.152.3 as being WAN traffic.  Then, it routes it to the DMZ or to a
NATed service on the internal net or whatever.
 
Does this make sense?  I can provide a complete diagram of the network
if it would help.
 
Thanks for all your assistance!
 
-Mike Lester