On 11/4/05, Marcin <mpp at poczta dot onet dot pl> wrote:
> Somebody help me ... please:)
> I want to try build router o m0n0, everything is quite clear for me but i have hard problem with
> I'd like to set up NAT like I've on my freebsd router:
> (this is sample from my router - ipnat.rules)
> map rl0 10.1.1.10/32 -> WAN-IP/32
> map rl0 10.1.1.11/32 -> WAN-IP/32
> map rl0 10.1.1.12/32 -> WAN-IP/32
> map rl0 10.1.1.13/32 -> WAN-IP/32
> map rl0 10.1.1.14/32 -> WAN-IP/32
> How to do this on m0n0 ?
don't use NAT hacks for a firewall's job. This should be feasible
with advanced outbound NAT, but don't do it that way.
If you want only those IP's to be able to get to the Internet, put in
firewall rules to allow them to anywhere, then if you want the rest of
the LAN IP's to be able to get to the DMZ, put in a rule allowing the
LAN subnet to the DMZ subnet. everything else will be denied.