[ previous ] [ next ] [ threads ]
 
 From:  Chris Hoy Poy <chrishp at dugeo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  xocer <xocer dot 0 at gmail dot com>
 Subject:  Re: [m0n0wall] m0n0wall config
 Date:  Wed, 27 Sep 2006 15:02:54 +0800
1:1 NAT probably wont work well unless you have 4 external IPs. (1 for each 
server you wish to use)

set up ServerNAT entries in monowall, and use the Inbound NAT to redirect the 
ports you want, to the servers you want. Allow it to auto-allocate the rules. 

thats how I've done it anyway - although I have multiple external IPs, and I 
still prefer to use InboundNAT over 1:1 NAT purely for the flexibility (and 
correct me if I'm wrong, but it makes the firewall rules+NAT rule a bit more 
readable).

1:1 NAT only makes sense to me if you really need the internal/protected 
server to think it really is on the internet. Most of the time, I think this 
is not the case people want. 

...
and posting the same question twice in two days wont win you too many friends 
on any mailing list I'm aware of.. 

//chris

On Wednesday 27 September 2006 14:51, xocer wrote:
> Hi everybody!
>
> Before start, sorry for my bad english. And I admit Spanish responses ;)
>
> Well, I'm looking for a DMZ config where I've four servers. In
> m0n0wall have three inrefaces, WAN, LAN and DMZ. By WAN come a
> x.x.x.x/24 and in example
> http://doc.m0n0.ch/handbook/examples.html#id2603650 I can redirect
> with nat 1:1 a public ip to a DMZ ip
>
> after can I filter packets with firewall rules by port? or all traffic
> is direct to de lan ip in DMZ interface in 1:1 nat?
>
> what example is better for my. The lastest URL or this:
> http://doc.m0n0.ch/handbook/examples-filtered-bridge.html. I've the
> wan interface conected to a LMDS bridge.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 
Chris Hoy Poy
System Administrator
DownUnder GeoSolutions
http://www.dugeo.com