[ previous ] [ next ] [ threads ]
 
 From:  "Jack Pivac" <email2 at delphinus dot co dot nz>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] routing a /29
 Date:  Mon, 14 Aug 2006 23:06:48 +1200 (NZST)
After enabling Advanced Outbound Nat then saving with no mappings our
machines behind our monowall cannot access the internet.

Our monowall can still ping things fine, and our servers can access webgui
etc on the monowall but cannot ping anything past the monowall. (mono's GW
etc)

As soon as we add a mapping x.x.102.144/29 our servers can access the
internet, but i'm assuming that this is just turning NAT straight back on
again?

How do we turn mono into a pure routing platform please without NAT.

All help much appreciated :)

Thanks,
Jack


>> ----- Original Message -----
>> From: <email2 at delphinus dot co dot nz>
>> To: <m0n0wall at lists dot m0n0 dot ch>
>> Sent: Sunday, August 13, 2006 1:45 PM
>> Subject: [m0n0wall] routing a /29
>>
>>
>>> Hi All,
>>>
>>> Our ISP has given us to following information:
>>>
>>> You'll need to change the ipconfig on your router to:
>>>
>>> IP: x.x.102.131
>>> SN: 255.255.255.240
>>> GW: x.x.102.129
>>>
>>> Your subnet is x.x.102.144 /29
>>
>> I have a configuration running that looks something like this (standard
>> routed subnet); The only difference is that my subnet is a /27.
>> If I transcribe my setup to match your addresses, your external
>> interface
>> would be configured as given:
>>  ip=x.x.102.131, mask=255.255.255.240(/28), gw=x.x.102.129
>> and your LAN interface as
>>  ip=x.x.102.145 mask=255.255.255.248(/29)
>>
>> you then assign your servers addresses 146, 147, 148, 149, 150 and don't
>> use
>> NAT at all.
>>
>> As far as I can calculate, ...144/29 does not overlap the ...128/28 net,
>> so
>> it should be sound.
>>
> Thankyou for your replies,
>
> And what should be configured on the Advanced Outbound Nat page on mono?
>
> Just tick the box and save? Or do we need to add any entries.
> (Only 2 interfaces, WAN and LAN in this box)
>
> Cheers,
> Jack
>
>
>>
>>
>>
>>
>>
>>
>>
>>>
>>>
>>> Now we have about 3 servers we would like to run behind a monowall box.
>>> And we need the monowall box to limit total traffic to 1mbit each way.
>>>
>>> But we would like these 3 boxes to each have a real world IP configured
>>> on
>>> them, not a 192.168 address, so we dont want to use 1:1
>>>
>>> So am I correct in assuming I want to use Enable advanced outbound NAT
>>> and
>>> then configure for example first machine with:
>>>
>>> IP: x.x.102.145
>>> SN: 255.255.255.240
>>> GW: x.x.102.131
>>>
>>> and that in theory should be able to access the internet?
>>>
>>> What am I doing wrong please?
>>>
>>> And whats required for outside people to be able to access those
>>> servers?
>>>
>>> Cheers,
>>> Jack
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>