[ previous ] [ next ] [ threads ]
 
 From:  Chet Harvey <chet at pittech dot com>
 To:  Jeff Lorenzini <jlorenzini at stratacare dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Help configuring m0n0wall
 Date:  Thu, 3 Nov 2005 17:29:21 -0500
I think I am a little confused on one part. Why would a DHCP server need an
external IP address if it is assigning IPs for internal users?

as for NAT'ting, NAT is used to map an external "port" such as 80 to an internal
address. For example, your WAN IP addy is 10.10.10.1 and you want anyone who
goes to that addy on port 80 to get served up web content from your internal web
server that has the addy of 192.168.1.5.

Here you would NAT the WAN interface port 80 to the internal addy 192.168.1.5 on
port 80.

1:1 is IP to IP mapping. Sounds like this is what you want to use.

Now my question for you is this...do these 2 other servers (not the DHCP one)
serve up external access on the same ports, meaning are they both web servers or
is one web and the other mail?

If they are seperate, I would NAT. Just because you have 16 addresses doesn't
mean you have to use them. 


Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets



Quoting Jeff Lorenzini <jlorenzini at stratacare dot com>:

> Hi,
> 
> I have what I hope is a common configuration, and I'm hoping somebody
> can tell me how to configure m0n0wall to support it.
> 
> I have 16 static IP's from my ISP, and I'm using three of them:
> 
> 2 servers with their own static IPs
> 1 static for DHCP clients to access the internet
> 
> I have set things up to support this with the firewall rules for the
> servers, that part was easy. But the NAT configuration has me confused.
> I'm not sure where I should add entries for the servers and for the DHCP
> clients. I have been playing with the settings and have gotten the DHCP
> clients to access the internet, but the servers cannot. This is just
> bringing up google on a browser, not so much dealing with opening ports
> in the firewall yet.
> 
> So, should I use the 1:1 or some other NAT type for the servers? 
> 
> Can anybody give me a clue as to how something like this should be set
> up?
> 
> Thanks,
> 
> _/eff lorenzini
> a certified industry figure since 1996
> http://www.jeffcertified.com
> 
> 
> 
>