[ previous ] [ next ] [ threads ]
 
 From:  Jack Murgia <jack dot murgia at progent dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Map Specific Public IPs to Specific Subnets
 Date:  Thu, 28 Sep 2006 16:14:09 -0700
Thanks Chris. 

To confirm, would these be the areas and settings I would apply?:

---
Firewall: NAT: Edit outbound mapping:

Interface= WAN
Source = 192.xxx.10.0 /24 (Opt 1 interface on my m0n0wall box)
Destination = type: any
Target = 216.xxx.xxx.107

---
And in Firewall: NAT : Server NAT

External IP address: 216.xxx.xxx.107

---
And in Firewall: Rules : WAN

Action: Pass
Interface: WAN
Protocol: Any (or a limited number of ports)
Source: Any
Destination: Opt 1 interface subnet


If that's correct, then my next questions are:

1. So this will mean that all traffic from the 192.xxx.10.0 /24 will appear
to be coming from 216.xxx.xxx.107 to the outside world?

2. Do I need to specify Firewall: NAT: Edit outbound mapping: settings
similar to those above for the other two subnets? Or will they continue to
work as they always have, traffic originating on these subnets appearing to
the outside world as if they come from the WAN interface IP address?

Jack M.


> From: Chris Buechler <cbuechler at gmail dot com>
> Date: Thu, 28 Sep 2006 17:59:51 -0400
> Cc: <m0n0wall at lists dot m0n0 dot ch>
> Subject: Re: [m0n0wall] Map Specific Public IPs to Specific Subnets
> 
> On 9/28/06, Jack Murgia <jack dot murgia at progent dot com> wrote:
>> My m0n0wall device has 4 ports- 1 for the WAN link and 3 of which are setup
>> as 3 separate subnets (using NAT).
>> 
>> We have a .224 network with our T-1 service. I'd like to route traffic for 1
>> specific public IPs to one of the subnets, but can't see how this is done.
>> Is it possible?
>> 
> 
> You can map a specific internal subnet to a specific public IP for
> outbound traffic using Advanced Outbound NAT.  For inbound, from the
> Internet traffic, you add that IP to Server NAT, then use Inbound NAT
> to open whatever ports you want to open.
> 
> -Chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>