On 11/4/05, Marcin <mpp at poczta dot onet dot pl> wrote:
> Hello
> Somebody help me ... please:)
> I want to try to build a router on m0n0, everything is quite clear for me but I have a hard problem with NAT.
> I'd like to set up NAT like I have on my FreeBSD router:
>
> (this is a sample from my router - ipnat.rules)
> map rl0 10.1.1.10/32 -> WAN-IP/32
> map rl0 10.1.1.11/32 -> WAN-IP/32
> map rl0 10.1.1.12/32 -> WAN-IP/32
> map rl0 10.1.1.13/32 -> WAN-IP/32
> map rl0 10.1.1.14/32 -> WAN-IP/32
>
> How to do this on m0n0?
>

Don't use NAT hacks for a firewall's job. This should be feasible with advanced outbound NAT, but don't do it that way.

If you want only those IPs to be able to get to the Internet, put in firewall rules to allow them to anywhere, then if you want the rest of the LAN IPs to be able to get to the DMZ, put in a rule allowing the LAN subnet to the DMZ subnet. Everything else will be denied.

-Chris