I am new to m0n0wall - I wrote an IPTables firewall from scratch once,
though, so this is not entirely uncharted territory for me.
Congratulations to the developers - this is wonderful software.
I have two questions...
1) IP alias addresses.
My ISP assigns me a small block of static addresses that must all be on
the WAN interface of my firewall. I read the mailing list archives,
and found out that I could use the exec.php page of the GUI to give me
a command line. From there I used ifconfig to bring up the aliases on
Then I entered them in the 1:1 NAT section, mapping them to DMZ
addresses. I haven't tested yet to see if anything actually works..
However, I was surprised to find on a restart that those IP alias
addresses were still up! (as reported by ifconfig). I didn't have to
reenter them using the exec.php page. Why is this? Did listing them
in the 1:1 NAT section take care of bringing them up when the system
2) A rule question for 1:1 NAT...
Lets say I have a firewall with two interfaces:
WAN 220.127.116.11 - also has an IPalias 18.104.22.168
DMZ iface 22.214.171.124/24 --> on this DMZ net segment is a host ->
and I do 1:1 NAT mapping 126.96.36.199 -> 192.168.0.50
To allow http (port 80) traffic ONLY to 192.168.0.50, I need to write
two rules, right?
First rule - allows port 80 to enter the firewall WAN address
(ipfilter syntax sort of)
pass in quick on WAN proto TCP from any port = any to 188.8.131.52 port =
80 keep state
Second rule - allows the NATted traffic to enter the DMZ address
pass in quick on DMZ proto TCP from 184.108.40.206 port = any to
192.168.0.50 port = 80 keep state
Does this look right?