 From:  "Jesse Perry" <jp at jptechnical dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  multiple public IPs - kicking my butt.
 Date:  Sun, 14 May 2006 14:46:06 -0700
Sorry if this is a dupe... I don't see my original post.

I have a static IP block from Qwest.net, the setup is as follows:


Leased IP addresses:
  Reserved Network:    0.0.0.24
  User-assignable:     0.0.0.25, 0.0.0.26, 0.0.0.27, 0.0.0.28, 0.0.0.29
  Reserved Gateway:    0.0.0.30
  Reserved Broadcast:  0.0.0.31
  Subnet Mask:         255.255.255.248

Into a 5-port switch, out to the monowall on the WAN and OPTs.

Monowall 1.22
LAN 192.168.10.1/24, WAN 0.0.0.25/24, OPT1, OPT2, OPT3 with 3com 3c905c-txm cards

I have been through the docs and know that with multiple public IPs my choices are routing, server
NAT, 1:1 and inbound NAT. I do not have a DMZ per se because the services I run are testing web
servers that are only exposed when I enable it. I will set up a real DMZ in the next couple of months,
but I am finishing moving into my new office and need to get the network stable before I start
segmenting it. Most of my inbound NAT is to Exchange, SBS2k3 RWW, MS CRM3.0, a couple of terminal
servers and a few ClarkConnect boxes running development web servers... simple LAMP setups for PHP
CMS projects.

I have been surviving with a single IP, but I need to have 2 incoming RDP (no redirectors) and 3 inbound
port 80, and setting up Apache and redirects to other ports is not an option. Again... the DMZ is
coming... but I need to get this working as is for the next month or 2.

Initially I thought I could just give one of the optional interfaces a public IP, open some ports
and voilà. But that doesn't seem to be the case.

I have tried so many iterations of the instructions from the handbook with no success, in addition
to searching the mailing lists with the same result.


This is what works. WAN works; if I set the IP to one of the others in the 5 usable in the block, I
can ping each address when it is assigned to WAN, and port forwarding works fine. I have tried
setting up server NAT and 1:1 but nothing comes through. In fact, the firewall logs don't even show
any attempts to ping or access any other services, making me think that assigning the additional IP
is not having any effect. The addresses are not assigned by DHCP, so the proxy ARP is not making any
difference.

Please tell me simply how to make my monowall box receive these additional IPs... whether it is
through the WAN or through the OPTs.

jp at jptechnical dot com 

Thank you for your help. This is an amazing project and the mailing lists are an incredible asset.
There are some really bright people answering these questions from dullards like myself.