Per Jørgensen wrote:
> Well after tumbling around with this monowall for some time - I' ll
> write here to get the answers!
> I working on a school where we bougth a Soekris net4801+Lan 1621!
> We have several servers/subnets that should be setup! So here's the deal!
> Wan --> we got 16IP to setup for several subnet!
> Lan - Servers (Got 10 servers)
> Opt1 - All the klients
> Opt2 - Thats another server- subnet!
> Opt3 - Thats the VPN
> I've tried yesterday to set this up. and have some questions about this!
> If I set the LAN up with the machines (servers - mail http a.s.o.) How
> is it possible to set this up so that the klients can access the
> servers - like mail - I found the notice about setting up the intern
> DNS. But when you' re webserver i hosting a lot of virtuel sites -
> how is it possible??
> My guess - You build your own DMZ and have this one on a seperate
> subnet! But is it here possible to access the NAT-services in the DMZ ???
> Were students and have each own virtuel site - and uses this according
> to our education. So all the klients (Opt2) should have full access to
> all the NAT services on the LAN!
> Hopefully you can understand this - I'm pretty confused myself after
> tumbling around with this for 2weeks now! So hopefully thanks for an
> well - as you can see - my english isn' t that good and I having
> really problems about reading the manual here foir the answers!
Although I'm certain that you could configure things to work in this
setup, I would recommend that you put the client machines on the LAN,
and move the servers to one of the OPTx interfaces unless you're going
to reserve the LAN interface for administration. That isn't so much
because it won't work, but more for convention. Usually LAN machines
are the most protected and require the most rules to access from elsewhere.
As for your DNS question, adding the names to the host file on the
m0n0wall or whatever machine is providing DNS for the client machines
should allow you to access everything by name without issue.