 From:  "Jeff Lorenzini" <jlorenzini at stratacare dot com>
 To:  "Chet Harvey" <chet at pittech dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Help configuring m0n0wall
 Date:  Thu, 3 Nov 2005 15:04:07 -0800
Thanks for the quick reply.

The DHCP server is monowall, and you set up what IP it should use.
That's all I meant there.

The two servers will both be hosting the same services, http for
example, but with different external IP's. One server is hosting https
on a separate IP as well. So it has two external IP's, one for https,
one for everything else.

I'm thinking I should simplify my question, though:

How do you set up monowall for DHCP clients and a single web server with
a static external IP (so the firewall only needs to forward port 80)?

Thanks,

_/eff lorenzini
a certified industry figure since 1996
http://www.jeffcertified.com




-----Original Message-----
From: Chet Harvey [mailto:chet at pittech dot com] 
Sent: Thursday, November 03, 2005 2:29 PM
To: Jeff Lorenzini
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Help configuring m0n0wall

I think I am a little confused on one part. Why would a DHCP server need
an external IP address if it is assigning IPs for internal users?

As for NAT'ting, NAT is used to map an external "port" such as 80 to an
internal address. For example, your WAN IP addy is 10.10.10.1 and you want
anyone who goes to that addy on port 80 to get served up web content from
your internal web server that has the addy of 192.168.1.5.

Here you would NAT the WAN interface port 80 to the internal addy
192.168.1.5 on port 80.

1:1 is IP to IP mapping. Sounds like this is what you want to use.

Now my question for you is this...do these 2 other servers (not the DHCP
one) serve up external access on the same ports, meaning are they both web
servers or is one web and the other mail?

If they are separate, I would NAT. Just because you have 16 addresses
doesn't mean you have to use them.


Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets



Quoting Jeff Lorenzini <jlorenzini at stratacare dot com>:

> Hi,
> 
> I have what I hope is a common configuration, and I'm hoping somebody
> can tell me how to configure m0n0wall to support it.
> 
> I have 16 static IP's from my ISP, and I'm using three of them:
> 
> 2 servers with their own static IPs
> 1 static for DHCP clients to access the internet
> 
> I have set things up to support this with the firewall rules for the
> servers, that part was easy. But the NAT configuration has me confused.
> I'm not sure where I should add entries for the servers and for the DHCP
> clients. I have been playing with the settings and have gotten the DHCP
> clients to access the internet, but the servers cannot. This is just
> bringing up google on a browser, not so much dealing with opening ports
> in the firewall yet.
> 
> So, should I use the 1:1 or some other NAT type for the servers? 
> 
> Can anybody give me a clue as to how something like this should be set
> up?
> 
> Thanks,
> 
> _/eff lorenzini
> a certified industry figure since 1996
> http://www.jeffcertified.com
> 
> 
> 
>