 From:  "Bryan K. Brayton" <bryan at sonicburst dot net>
 Cc:  "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Multiple public subnets
 Date:  Sun, 1 Oct 2006 09:54:01 -0400
So, I think this will work for you, though if someone knows better, please chime in.
 
Assign IPs to your interfaces like you have listed, then go to the outbound tab on the NAT config page.
Check the advanced outbound NAT and add an outbound NAT rule that says something like:
 
Interface: WAN
Source: LAN network
Destination: any (or maybe this should be something like all networks *except* your OPT networks)
 
You probably don't need any other rules, since you want to route to the OPT interfaces.  Then save
everything and you may need to restart the firewall, though I don't know if that part is necessary. 
You may also have to check your firewall rules to make sure that traffic is allowed in/out of your
interfaces per your requirements.
 
I haven't personally tested that configuration on a m0n0, but it seems to be what you want, unless
I'm missing something.
 
-Bryan
 

________________________________

From: Robert Fitzpatrick [mailto:lists at webtent dot net]
Sent: Sat 9/30/2006 10:18 AM
To: Bryan K. Brayton
Cc: m0n0wall
Subject: RE: [m0n0wall] Multiple public subnets



On Sat, 2006-09-30 at 08:19 -0400, Bryan K. Brayton wrote:
> Unless I'm misunderstanding this, Robert is not looking for 2 WAN interfaces, he's looking to
> straight route 2 subnets on OPTx interfaces, and still NAT the clients on the LAN interface.  Is
> this correct?

Maybe? I want the two OPT ports and the LAN all behind the WAN port, is
that feasible? Let's say this...

WAN --> 111.222.333.100/29 with GW 111.222.333.97 (this is set by the
provider)

LAN --> 192.168.1.1/24
OPT1--> 444.55.666.1/26
OPT2--> 111.222.777.1/27

I want those two public IP subnets on the OPT ports to be transparent to
the outside world, so if somebody is looking for 444.55.666.2, it passes
through the m0n0wall firewall rules and on to its destination host
behind the m0n0wall. Is this possible? I was looking at outbound NAT in
the m0n0wall docs for multiple public IPs, but it just wasn't detailed
enough for my networking skills to try and set up. With the Sonicwall
2040, as set up like above, the OPT1 subnet worked fine, but the OPT2
subnet did not.

I asked the provider for two separate subnets and they gave me a WAN
subnet with 3 usable IP addresses. Perhaps I am to use two routers like
sai said? But then I still don't see how the OPT ports are to be used.

--
Robert
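
The outbound NAT rule suggested at the top of this thread (Interface: WAN, Source: LAN network, Destination: any), worked through as an added example that is not part of either message and not m0n0wall code. It is a simplified model that assumes a rule only applies to packets leaving the interface it is bound to; the addresses are constructed (RFC 5737 documentation ranges stand in for the thread's public subnets), and `OutboundRule`, `source_on_wire` and `audit` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing: documentation ranges replace the thread's subnets.
WAN_IP = ipaddress.ip_address("192.0.2.4")
NETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "OPT1": ipaddress.ip_network("198.51.100.0/26"),
    "OPT2": ipaddress.ip_network("203.0.113.0/27"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class OutboundRule:
    interface: str                      # egress interface the rule is bound to
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network

# The rule from the thread: Interface WAN, Source LAN network, Destination any.
RULES = [OutboundRule("WAN", NETS["LAN"], ANY)]

def egress_interface(dst):
    """Directly connected networks win; everything else leaves via WAN."""
    dst_ip = ipaddress.ip_address(dst)
    for name, net in NETS.items():
        if dst_ip in net:
            return name
    return "WAN"

def source_on_wire(src, dst, rules=RULES):
    """Source address the packet carries after it leaves the firewall."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    out_if = egress_interface(dst)
    for r in rules:
        if r.interface == out_if and src_ip in r.source and dst_ip in r.destination:
            return str(WAN_IP)          # translated to the WAN address
    return str(src_ip)                  # routed, source left untouched

def audit(rules=RULES):
    """Rules whose source would hide a public OPT subnet behind the WAN IP."""
    return [r for r in rules
            for name in ("OPT1", "OPT2") if r.source.overlaps(NETS[name])]

if __name__ == "__main__":
    print(source_on_wire("192.168.1.50", "192.0.2.200"))    # LAN -> Internet
    print(source_on_wire("198.51.100.10", "192.0.2.200"))   # OPT1 -> Internet
    print(source_on_wire("192.168.1.50", "198.51.100.10"))  # LAN -> OPT1
```

Under this model the LAN-to-OPT case stays untranslated even with Destination set to any, because that traffic never leaves through WAN.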