[ previous ] [ next ] [ threads ]
 From:  "James McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] MonoWall behind MonoWall
 Date:  Mon, 5 Sep 2005 10:22:15 -0500
Mark Wass wrote:
> Hello All
> I am installing MonoWall as in the following configuration.
  Internet--->[WAN] MW1 [LAN]--->[WAN] MW2 [LAN]---> LAN 
                                     Web Server  
> The Web Server has a real world IP
> MonoWall1 has a real world IP on both WAN and LAN
> MonoWall2 has a real world IP on the WAN
> My question is, do I have to set-up NAT rules (and resultant firewall
> rules) on MonoWall1 to access services on the Web server. 

With If you want any thing to pass MW1 you will have to set rules.
> Can I turn NAT off? altogether on MonoWall1

Yes, Advanced Outbound NAT enabled with no rules defined

> I also have services running in the network, port
> forwarding rules on MonoWall2 allow these services through. If I want
> to allow access to these service from the internet do I port foward
> on MonoWall1 and set the destination to be the WAN on MonoWall2?   

What is the purpose of two m0n0walls? Would a single m0n0wall with an
OPT1 interface (i.e. third NIC) bridged to WAN serve the same purpose? 

James W. McKeand

P.s. I took liberties with your graphic to fix wrapping issues - did I
mess it up?