 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  <tech at adaptive dot net>
 Cc:  "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem setting up DMZ for public IPs
 Date:  Mon, 12 Dec 2005 21:14:22 +0100
Assign a /31 (P2P) between the ISP router and your own (you don't need
broadcast in this segment)

Define the /24 to your local net (or dmz) and use proxyarp for the ip of
the ISP's router. The ISP router has to have a static route for the /24
to your m0n0wall router. Not the ideal solution (another ip net for your
isp-m0n0wall would be nice) but it will work.

Another solution is to ask if your ISP would allow private IPs for the
inter-connect. I've seen ISPs doing this to save public IPs. Or you
could ask for a small range from your ISP.

But 1 question, why do you need the full /24 to be behind your m0n0wall?
Subnet your class c and think about it very carefully.

J.

> -----Original Message-----
> From: tech at adaptive dot net [mailto:tech at adaptive dot net]
> Sent: Monday, 12 December 2005 20:55
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Problem setting up DMZ for public IPs
> 
> But how?
> 
> i can't change routing, and only have the one class-c.
> 
> 
> ~~~~~~~~~~~~~
> 
> 
> ----- Original Message -----
> From: "Paul Taylor" <PaulTaylor at winn dash dixie dot com>
> To: <tech at adaptive dot net>; <m0n0wall at lists dot m0n0 dot ch>
> Sent: Monday, December 12, 2005 1:45 PM
> Subject: RE: [m0n0wall] Problem setting up DMZ for public IPs
> 
> 
> >
> > Generally, you'd want to set it up so that you have a very small address
> > range to have on your WAN segment.. Then, have your full class C on the
> > DMZ side...
> >
> > -----Original Message-----
> > From: tech at adaptive dot net [mailto:tech at adaptive dot net]
> > Sent: Monday, December 12, 2005 1:41 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Problem setting up DMZ for public IPs
> >
> > I've got a full Class C that i'm trying to put a monowall firewall (Pc CD)
> > in front of, let's call my network class c: 123.123.123.0/24
> >
> > - i've got 3 NICs setup as WAN LAN DMZ
> > - let's call my router 123.123.123.1 connected to WAN
> > - my monowall 123.123.123.2
> > - my network layer 2 switch connected to DMZ port
> > - all my servers i want to have as public IP addresses.
> > - and my servers are 123.123.123.3- 123.123.123.254
> > - all on a /24 mask
> > - for simplicity, let's say only ports 80 to pass through
> >
> > how in the world do i set up my DMZ to allow it to have public IPs on it?
> > i can't figure out whether to use bridging, static routes, NAT, 1:1 NAT,
> > etc
> >
> > the other confusion i have, is what is the difference between the WAN LAN
> > DMZ tabs on the web Rules GUI vs the WAN LAN DMZ "source" drop down menu.
> > seems like an oxymoron that i can define a DMZ rule but specify the LAN
> > port as the source.
> >
> > thanks from a firewall n00b
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>
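
Added example (not part of the original thread): the "subnet your class C" suggestion worked through with Python's `ipaddress` module for the addresses used in the question. It finds the smallest prefix that holds both the ISP router and the m0n0wall WAN address, lists the rest of the /24 as CIDR blocks that could sit behind the firewall, and flags server addresses that fall inside the WAN link subnet. The function names are illustrative, and it assumes the ISP router has routes for those blocks pointing at the firewall, which the reply above notes is required.

```python
import ipaddress


def link_subnet(router, firewall):
    """Smallest prefix that contains both ends of the WAN link."""
    fw = ipaddress.ip_address(firewall)
    for plen in range(31, -1, -1):
        net = ipaddress.ip_network(f"{router}/{plen}", strict=False)
        if fw in net:
            return net


def plan(block, router, firewall, first_server, last_server):
    """Split `block` into the WAN link subnet and what is left for the DMZ."""
    block = ipaddress.ip_network(block)
    link = link_subnet(router, firewall)
    # Everything in the block that is not the WAN link, as aligned CIDR blocks.
    # Raises ValueError if the link subnet is not inside the block.
    behind = sorted(block.address_exclude(link))
    lo = int(ipaddress.ip_address(first_server))
    hi = int(ipaddress.ip_address(last_server))
    servers = [ipaddress.ip_address(i) for i in range(lo, hi + 1)]
    # Server addresses inside the WAN link subnet have to be renumbered.
    collide = [s for s in servers if s in link]
    return link, behind, collide


if __name__ == "__main__":
    # Addresses as given in the question (the poster's stand-in /24).
    link, behind, collide = plan(
        "123.123.123.0/24",
        "123.123.123.1",    # ISP router
        "123.123.123.2",    # m0n0wall WAN address
        "123.123.123.3",    # first server
        "123.123.123.254",  # last server
    )
    print("WAN link subnet:", link)
    print("Blocks left for the DMZ side:")
    for net in behind:
        print("  ", net, f"({net.num_addresses} addresses)")
    print("Servers to renumber:", ", ".join(map(str, collide)) or "none")
```

With the router on .1 and the firewall on .2 as in the question, the link comes out as 123.123.123.0/30 rather than a /31, because .1 and .2 sit in different /31 pairs, and 123.123.123.3 lands inside that link subnet.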