DOH! Man, that's what I was afraid of. I'll try and get 4 /30s to be safe. You never know what you might need on the outside of the firewall.

Anyone know of the easiest way to do a (I think this is the right term) split horizon DNS without 2 different servers? We already have about 250 DNS entries and keeping 2 DNS servers synchronized with www.fwiz.com 10.0.1.144 for internal users and 67.x.x.144 for external users is going to be a pain.

Sorry this isn't a M0n0wall question, I just haven't found any answers anywhere else.

Scott Karch
Facility Wizards Software
scott at facilitywizards dot com
773-832-0200 x1102
773-832-0202 fax
http://www.facilitywizards.com
* Simple * Powerful * Flexible *

-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Thursday, June 29, 2006 9:31 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Help with layout....

On 6/29/06, Scott Karch <scott dot k at facilitywiz dot com> wrote:
>
> Currently, I only have the /24 for my use. Can I still 1:1 NAT or do I need
> one additional IP address for the WAN port of the M0n0wall?
>

Ah, you're going to need one for the WAN, and since you're already using one for the CSU/DSU, you can't do a 1:1 with the whole /24. I'd suggest seeing if you can get a /30 from your ISP, one IP for the CSU/DSU and one for m0n0wall's WAN. That makes everything *much* easier, and if they're serving you BGP I can't imagine getting an additional /30 would be an issue.

If getting a /30 is absolutely out of the question, your setup is going to be a royal pain to set up. You'll either need 252 (254 usable minus 2) individual 1:1 entries, or a mix of /25, /26, /27, etc. to make it work without hitting .1 or .2 in any of those.

-Chris
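
The "mix of /25, /26, /27, etc." from the reply above can be computed rather than worked out by hand. This is an added example, not part of either message and not m0n0wall configuration syntax. It assumes 203.0.113.0/24 as a placeholder for the public /24 (the thread only gives 67.x.x), 10.0.1.0/24 as the internal network (from the 10.0.1.144 example), and hypothetical function names.

```python
import ipaddress

def one_to_one_blocks(network, reserved, usable_only=True):
    """Return the CIDR blocks that cover `network` without touching `reserved`."""
    net = ipaddress.ip_network(network)
    skip = {ipaddress.ip_address(a) for a in reserved}
    if usable_only:
        # Leave out the network and broadcast addresses as well.
        skip |= {net.network_address, net.broadcast_address}
    blocks, start, prev = [], None, None
    for addr in net:  # every address in the block, in ascending order
        if addr in skip:
            if start is not None:
                # Close the current run and split it into aligned CIDR blocks.
                blocks.extend(ipaddress.summarize_address_range(start, prev))
                start = None
        else:
            start = addr if start is None else start
            prev = addr
    if start is not None:
        blocks.extend(ipaddress.summarize_address_range(start, prev))
    return blocks

def pair_with_internal(blocks, external, internal):
    """Pair each external block with the internal block at the same offset."""
    ext, inside = ipaddress.ip_network(external), ipaddress.ip_network(internal)
    pairs = []
    for b in blocks:
        offset = int(b.network_address) - int(ext.network_address)
        base = inside.network_address + offset
        pairs.append((b, ipaddress.ip_network(f"{base}/{b.prefixlen}")))
    return pairs

EXTERNAL = "203.0.113.0/24"  # constructed placeholder for the public /24
INTERNAL = "10.0.1.0/24"     # assumed from the 10.0.1.144 example
RESERVED = ["203.0.113.1", "203.0.113.2"]  # the .1 and .2 the reply says to avoid

if __name__ == "__main__":
    blocks = one_to_one_blocks(EXTERNAL, RESERVED)
    for ext, inside in pair_with_internal(blocks, EXTERNAL, INTERNAL):
        print(f"{ext!s:<20} <-> {inside}")
    total = sum(b.num_addresses for b in blocks)
    print(len(blocks), "1:1 entries covering", total, "addresses")
```

Passing `usable_only=False` also maps the network and broadcast addresses, which lets the upper half collapse into a single /25.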