[ previous ] [ next ] [ threads ]
 From:  "RP Smith" <rpsmith at hotmail dot com>
 To:  james at mckeand dot biz, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Private on LAN, Public on DMZ
 Date:  Mon, 27 Feb 2006 12:11:43 -0600
RP Smith wrote:
 > BTW, I do need to access the hosts on the bridged interface from the
 > NAT'ed interface so looks like bridging is not an option for me.
 > Roy...
 > ------------------------------------------
 > Calling all m0n0wall Guru's!
 > I'm trying to configure my m0n0wall to have Private IPs on the LAN and
 > Public IPs on the DMZ but have been unsuccessful so far (I've even
 > tried bridging WAN to DMZ but also had problems with that).
 > Here is my setup:
 > DSL Modem with 6 usable Static IPs.
 > nnn.nnn.7.173 - .178 /26 (
 > nnn.nnn.7.129 - Gateway
 > I would like to have .173 NATed to the the LAN and the rest of my
 > Public IPs assigned to the DMZ.
 > All help will be greatly apprecated.

How many hosts do you need in the DMZ?

You may have to use .173 on WAN (NATed to LAN - use private IPs here)
and .174 for DMZ interface. That would leave .175 - .178 (4 hosts) for
DMZ. You would need to use .174 for the gateway for the DMZ hosts. i.e.
you would not bridge the DMZ interface - it would be a separate network
(I guess a /26 mask would work??).

You would need to create rules to allow the needed traffic. You should
not have any problem accessing the DMZ hosts.

James W. McKeand


Thanks for the reply James.  I'll take as many hosts as I have left over 
after the subnetting is done.  I just wasn't sure if subnetting would work 
for my IP range and didn't know what mask to use on the WAN and what mask to 
use on the DMZ.  Doesn't seem like would be able to use /26 on both but I 
guess I'll give it a try and see what happens.

Thanks again, Roy...