 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 1:1 NAT works ok, but there's a catch?
 Date:  Fri, 18 Nov 2005 14:58:52 -0600
brett at woollum dot com wrote:
> Hi all! I have recently installed monowall and it is AWESOME! I do
> have one question, however. First I will describe my setup.
> I have 5 static IP addresses from DSLExtreme. They are not a routed
> subnet, simply 5 different addresses. Let's use the following:
> x.193
> x.198
> x.205
> x.209
> x.251
> These are all entered into the 1:1 NAT area and when I use the net
> with a certain machine that I mapped it is working with the proper
> Public IP. For instance I can go to http://www.whatismyip.com on the
> server and it shows x.251, on the laptop it's x.205, etc. So far it's
> working great!
> Now I need to be able to route port 80 to the server if it's coming
> from x.251, 80 to the laptop if it's coming from x.205, etc. I need to
> do more than 80, but you get the idea.
> I went to Firewall:NAT:Incoming and entered port 80 and then the
> server's IP. It asks for the interface but the only option is active
> interface (or whatever the default is). Now I can browse from outside
> my network to ANY of my public IPs and they all go to the server -
> but I only want x.251 to go to the server!

I don't think you would use Inbound NAT Rules to accomplish this. If you
wanted to use Inbound NAT Rules you would use Server NAT to list these
"additional" IPs. The downside would be that the packets coming from
these servers would have the same IP address (WAN interface IP).

I think you will need to be working in the Firewall Rules area. I'm not
sure how the rules should be written (what interface, source,
destination, etc.), maybe someone else will pipe up with an answer...

James W. McKeand