 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Doubts of novice
 Date:  Fri, 24 Feb 2006 09:54:33 -0600
From: "James W. McKeand" <james at mckeand dot biz>
> Jose Eduardo wrote:

> > -How can I give 2 (or more) IP addresses to the same LAN interface?

> You cannot; this breaks fundamental rules of IP networking. All nodes
> must have a unique IP address.

You can, but it is not a clean hack.  It requires commands from the exec.php 
page, or shell commands in the config.  It is also considered poor practice 
in production.  And then people tell you to set the IP of your access points 
to an address outside the subnet for (implied but not real) security. 
Sigh...  What are you actually trying to do?

> > -How can I make a port forward in my LAN? All connections to m0n0wall
> > on port 3128 redirect to another IP in my LAN, on some port?

> If you want to forward from the WAN interface (i.e. outside your
> network) to a machine in your LAN, use Inbound NAT rules. Make sure to
> tick the auto-create firewall rule box.

> If you want to redirect traffic from one machine to another on your LAN,
> I'm not sure you can do that. There has been some chatter about
> redirecting SMTP, I would start with searching the archive on that.

Another dirty undocumented hack discussed by people far beyond me in the 
m0n0 sphere (Chris Buechler and Jonathan De Graeve).  This would need to be 
in the config, for example:

<nat>
 <rule>
  <protocol>tcp</protocol>
  <external-port>25</external-port>
  <target>192.168.1.5</target>
  <local-port>25</local-port>
  <interface>wan</interface>
  <descr>redirect SMTP to WAN SMTP server</descr>
 </rule>
</nat>

Of course, if the machine at .5 tries to get out, it may get stuck in a 
recursive loop...

                        Lee