[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Configuration Help: Public IPs on LAN side
 Date:  Thu, 30 Mar 2006 15:23:11 -0500
On 3/30/06, aprose at yostengineering dot com <aprose at yostengineering dot com> wrote:
>
> Once I was sure everything was working, I switched the LAN interface IP to A.B.C.227/27, enabled
advanced outbound NAT and set up an internal (LAN side) machine at A.B.C.230/27.  This machine is
able to talk to the LAN interface of m0n0wall with no problems, but can seem to get no further. 
Also, it seems I can no longer ping anything past the WAN interface from the firewall itself.
>

Because you have the same IP subnet on both sides (LAN and WAN) of the
firewall now.  It doesn't know what should go where.

If you want public IP's on the LAN, you need to have only public IP's
on the LAN (i.e. you can't mix public and private), and you need a
separate IP subnet for your WAN interface, usually a /30 to connect
you to the ISP.

It'd be a lot less trouble to use 1:1 NAT, unless you absolutely can't
use NAT for some reason.

-Chris