 From:  "RP Smith" <rpsmith at hotmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Private on LAN, Public on DMZ
 Date:  Tue, 28 Feb 2006 12:35:46 -0600
You may want to check out one of my previous posts on this subject:


You can have OPT1 bridged to WAN _and_ still access OPT1 from LAN - the
secret is to use advanced NAT.  I'm using it that way now!  And you
don't waste any IP addresses, either.

Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk


I tried your advanced NAT rule but so far no luck.  I'm a little confused as 
to the correct net mask to use for the rule.  How do I determine the correct 
mask?  Also, the main problem I'm having right now is that as soon as I 
bridge my DMZ to my WAN, I can no longer reach the Internet from my NATed 
LAN hosts.  If it matters, the DMZ interface I'm trying to bridge to my WAN 
is actually my Optional 2 interface.  My Optional 1 interface is a NATed 
192... network.

Thanks for the help Neil.


I finally got this working with a WAN to Option-1 Bridge and Neil's Advanced 
NAT rule.  All the problems I was having went away when I disabled my 
Option-2 interface and moved my DMZ over my Option-1 interface.  So it looks 
like there might be a bug in 1.21 that is keeping this from working with the 
Option-2 interface.  I'll try to duplicate the problem on a second box and 
see what happens.

Thanks to Neil and James for taking the time to help me resolve this