Assign a /31 (P2P) between the ISP router and your own (you don't need broadcast in this segment).
Define the /24 to your local net (or DMZ) and use proxy ARP for the IP of the ISP's router.
The ISP router has to have a static route for the /24 to your m0n0wall router.
Not the ideal solution (another IP net for your ISP-m0n0wall link would be nice) but it will work.

Another solution is to ask if your ISP would allow private IPs for the interconnect. I've seen ISPs doing this to save public IPs.
Or you could ask for a small range from your ISP.

But one question: why do you need the full /24 to be behind your m0n0wall?
Subnet your class C and think about it very carefully.

J.

> -----Original Message-----
> From: tech at adaptive dot net [mailto:tech at adaptive dot net]
> Sent: Monday, 12 December 2005 20:55
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Problem setting up DMZ for public IPs
>
> But how?
>
> I can't change routing, and only have the one class C.
>
> ~~~~~~~~~~~~~
>
> ----- Original Message -----
> From: "Paul Taylor" <PaulTaylor at winn dash dixie dot com>
> To: <tech at adaptive dot net>; <m0n0wall at lists dot m0n0 dot ch>
> Sent: Monday, December 12, 2005 1:45 PM
> Subject: RE: [m0n0wall] Problem setting up DMZ for public IPs
>
> > Generally, you'd want to set it up so that you have a very small address
> > range to have on your WAN segment.. Then, have your full class C on the
> > DMZ side...
> >
> > -----Original Message-----
> > From: tech at adaptive dot net [mailto:tech at adaptive dot net]
> > Sent: Monday, December 12, 2005 1:41 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: [m0n0wall] Problem setting up DMZ for public IPs
> >
> > I've got a full Class C that I'm trying to put a monowall firewall (Pc CD)
> > in front of, let's call my network class C: 123.123.123.0/24
> >
> > - I've got 3 NICs set up as WAN LAN DMZ
> > - let's call my router 123.123.123.1 connected to WAN
> > - my monowall 123.123.123.2
> > - my network layer 2 switch connected to DMZ port
> > - all my servers I want to have as public IP addresses.
> > - and my servers are 123.123.123.3 - 123.123.123.254
> > - all on a /24 mask
> > - for simplicity, let's say only port 80 to pass through
> >
> > How in the world do I set up my DMZ to allow it to have public IPs on it?
> > I can't figure out whether to use bridging, static routes, NAT, 1:1 NAT,
> > etc.
> >
> > The other confusion I have is what is the difference between the WAN LAN
> > DMZ tabs on the web Rules GUI vs the WAN LAN DMZ "source" drop-down menu.
> > Seems like an oxymoron that I can define a DMZ rule but specify the LAN
> > port as the source.
> >
> > thanks from a firewall n00b
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
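The subnetting option raised in the thread (a small WAN link range, the rest of the class C behind the firewall, static routes on the ISP router), worked through as an added example that is not part of the original messages. The 123.123.123.0/24 block and the .3 to .254 server range come from the thread; taking the link from the bottom of the block (123.123.123.0/31 or /30) and the function name `plan` are assumptions.

```python
import ipaddress


def plan(block, wan_link, servers):
    """Carve wan_link out of block and report what that costs.

    Returns a dict of strings: usable WAN link addresses, the prefixes left
    for the DMZ (one static route each on the ISP router), and the servers
    whose current address lands inside the WAN link.
    """
    block = ipaddress.ip_network(block)
    wan = ipaddress.ip_network(wan_link)
    if not wan.subnet_of(block):
        raise ValueError(f"{wan} is not inside {block}")

    # A /31 point-to-point link has no network/broadcast address, so both
    # addresses are usable; any shorter prefix loses its first and last.
    link = list(wan) if wan.prefixlen == 31 else list(wan.hosts())

    # Remainder of the block as the minimal list of CIDR prefixes.
    routes = sorted(block.address_exclude(wan))

    clash = [s for s in map(ipaddress.ip_address, servers) if s in wan]
    return {
        "wan_link": [str(a) for a in link],
        "dmz_routes": [str(n) for n in routes],
        "renumber": [str(s) for s in clash],
    }


# Constructed input: the server range described in the thread (.3 to .254).
SERVERS = [f"123.123.123.{i}" for i in range(3, 255)]

if __name__ == "__main__":
    for wan in ("123.123.123.0/31", "123.123.123.0/30"):
        result = plan("123.123.123.0/24", wan, SERVERS)
        print(f"WAN link {wan}: usable {result['wan_link']}")
        print(f"  servers to renumber: {result['renumber'] or 'none'}")
        for route in result["dmz_routes"]:
            print(f"  ISP static route: {route} via the m0n0wall WAN address")
```

With the /30 that matches the thread's .1 and .2 addressing, 123.123.123.3 becomes the link's broadcast address, and in both cases the rest of the block no longer fits in a single prefix.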