[ previous ] [ next ] [ threads ]
 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Private on LAN, Public on DMZ
 Date:  Mon, 27 Feb 2006 11:25:47 -0600
RP Smith wrote:
> BTW, I do need to access the hosts on the bridged interface from the
> NAT'ed interface so looks like bridging is not an option for me.
> 
> Roy...
> ------------------------------------------
> 
> Calling all m0n0wall Guru's!
> 
> I'm trying to configure my m0n0wall to have Private IPs on the LAN and
> Public IPs on the DMZ but have been unsuccessful so far (I've even
> tried bridging WAN to DMZ but also had problems with that).
> 
> Here is my setup:
> 
> DSL Modem with 6 usable Static IPs.
> 
> nnn.nnn.7.173 - .178 /26 (255.255.255.192)
> 
> nnn.nnn.7.129 - Gateway
> 
> I would like to have .173 NATed to the the LAN and the rest of my
> Public IPs assigned to the DMZ.
> 
> All help will be greatly apprecated.

How many hosts do you need in the DMZ?

You may have to use .173 on WAN (NATed to LAN - use private IPs here)
and .174 for DMZ interface. That would leave .175 - .178 (4 hosts) for
DMZ. You would need to use .174 for the gateway for the DMZ hosts. i.e.
you would not bridge the DMZ interface - it would be a separate network
(I guess a /26 mask would work??).

You would need to create rules to allow the needed traffic. You should
not have any problem accessing the DMZ hosts.

_________________________________
James W. McKeand