On 9/15/05, Medusafusa <medusafusa at gmail dot com> wrote:
>
> my dmz is 176.16.20.x and I have a server with these services: 1 web 2 ftp 3 mail and 4 sql
> my wan is xdsl and I have a pool of fixed addresses 82.75.157.32 with subnet 255.255.255.248 (from 32 to 39); the router is my gateway 82.75.157.33 and now mono is 82.75.157.34
> I registered a domain and I set up dns to point to one of my local ips, for example 82.75.157.34 (so if I ping my domain, pings are redirected to my local mono)

You have 10 DMZ hosts, though I'd imagine the SQL boxes don't need to be accessed directly from the Internet (or they shouldn't be at least, opening SQL to the Internet is a bad idea).

I'd set up 1:1 NATs to the FTP, web, and mail servers, which you have enough IPs to do. Make sure you enable proxy ARP on those IPs too. Then set up firewall rules on the WAN to allow the inbound protocols you need.

One side comment - 4 SQL boxes in the DMZ when you have 1 web server (assuming they're for a web application and that's why they're in the DMZ) seems really excessive.

For incoming mail delivery, you need at least one MX record for your domain in DNS. If your domain is example.com, set up an A record for mail.example.com pointing to the 1:1 NAT public IP you set up to the mail server, and add an MX record to your domain pointing to mail.example.com. Add a firewall rule on the WAN allowing SMTP traffic to the private IP of your mail server, then your email will work (assuming the mail server is set up correctly).

-Chris
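
The address plan described in the reply above, worked through as an added example that is not part of the original email: it assigns spare addresses from the WAN block to 1:1 NAT mappings, lists the proxy ARP entries and WAN rules that go with them, and derives the mail DNS records. The DMZ host addresses, one host per published service, the MX preference and the function names are assumptions made for illustration.

```python
import ipaddress

# Values from the thread: WAN block, upstream router, firewall WAN address.
WAN_NET = ipaddress.ip_network("82.75.157.32/29")   # mask 255.255.255.248
RESERVED = {ipaddress.ip_address("82.75.157.33"),   # router / gateway
            ipaddress.ip_address("82.75.157.34")}   # firewall WAN interface
# Constructed DMZ hosts (assumption: one host per published service).
DMZ_HOSTS = {"web": ("176.16.20.10", [80]),
             "ftp": ("176.16.20.11", [21]),          # control port only
             "mail": ("176.16.20.12", [25]),
             "sql": ("176.16.20.13", [])}            # no ports: stays unpublished


def build_plan(wan_net, reserved, hosts):
    """Assign one spare public address per published host and derive the rules."""
    spare = [ip for ip in wan_net.hosts() if ip not in reserved]
    published = {n: h for n, h in hosts.items() if h[1]}
    if len(published) > len(spare):
        raise ValueError(f"need {len(published)} public IPs, only {len(spare)} spare")
    plan = []
    for public, (name, (private, ports)) in zip(spare, sorted(published.items())):
        plan.append({
            "host": name,
            "nat_1to1": (str(public), private),      # external -> internal
            "proxy_arp": str(public),                # firewall answers ARP for it
            # WAN rules target the private address, as the reply describes.
            "wan_rules": [("tcp", private, p) for p in ports],
        })
    return plan


def mail_dns(plan, domain="example.com"):
    """A and MX records pointing at the mail server's public 1:1 NAT address."""
    public = next(e["nat_1to1"][0] for e in plan if e["host"] == "mail")
    return [f"mail.{domain}. IN A {public}", f"{domain}. IN MX 10 mail.{domain}."]


if __name__ == "__main__":
    plan = build_plan(WAN_NET, RESERVED, DMZ_HOSTS)
    for entry in plan:
        print(entry)
    print("\n".join(mail_dns(plan)))
```

A host with an empty port list gets no NAT mapping and no WAN rule, which keeps the SQL server reachable only from inside.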