 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Thomas Biedorf'" <tom at startmovie dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] How to route "real" IPs from WAN to DMZ?
 Date:  Tue, 22 Jul 2003 14:48:41 +0200
Hi Thomas,

How did you define your subnet at the WAN side? You should divide your /26
subnet so your m0n0wall knows where to look for which IP...

For EXAMPLE, use a subnet on your WAN side
- for your ISP's router
- for your m0n0-WAN
- ( = network addr, = broadcast)

and use a subnet for your DMZ
- for your m0n0-DMZ
- - for your servers
- ( = network addr, = broadcast)

You'll have to redefine your routes in the ISP's router for it to work,
because it needs to push traffic for the DMZ servers to the m0n0wall, on the
other subnet...

The other alternative is 1:1 NAT. You use private IPs for your servers
(another subnet than your LAN side!) and NAT the 'real' addresses to these
private addresses...

Hope it helps,


-----Original Message-----
From: Thomas Biedorf [mailto:tom at startmovie dot net]
Sent: Tuesday 22 July 2003 12:48
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] How to route "real" IPs from WAN to DMZ?

Hi all,
we are trying to set up m0n0wall for our network (we use the ISO image
version). We set up a box with three network cards. What we are trying
to do is to route some "real" IPs from WAN to DMZ, but it doesn't work.
LAN is working fine with DHCP.
Maybe I am missing some clues?

We do have 64 IPs (faked in this example):

The router of our ISP uses the 36.211.83.193
I set up the WAN interface with 36.211.83.194 and the DMZ Interface
with 36.211.83.195/26

The trouble is: All traffic stops at the WAN interface. If I try to
connect from WAN to the Webserver in the DMZ on Port 80 (WebServer is
36.211.83.233), IMHO m0n0wall doesn't know that the 36.211.83.233 is
in the DMZ. Yes, I allowed to connect from WAN to DMZ on port 80.

How to route the IPs from 36.211.83.196 to 36.211.83.255 to the DMZ?
All I want is that the "real" IPs used are routed to the DMZ.

Thanks for any hint!
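
The subnet split suggested in the reply, worked through with the (faked) addresses from the question. This is an added example, not part of the original thread; the /27 halves, the /26 mask on the original WAN interface, the new DMZ interface address and the route description string are assumptions chosen for illustration.

```python
import ipaddress

# Addresses from the question (the poster says they are faked).
BLOCK = ipaddress.ip_network("36.211.83.192/26")
ISP_ROUTER = ipaddress.ip_address("36.211.83.193")
WEBSERVER = ipaddress.ip_address("36.211.83.233")

# Setup as described in the question; the WAN mask is assumed to be /26 too.
ORIGINAL = {
    "WAN": ipaddress.ip_interface("36.211.83.194/26"),
    "DMZ": ipaddress.ip_interface("36.211.83.195/26"),
}


def overlapping(interfaces):
    """Return pairs of interface names whose connected networks overlap."""
    names = sorted(interfaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if interfaces[a].network.overlaps(interfaces[b].network)]


def plan_split(block):
    """Assumed plan: lower half of the block for WAN, upper half for DMZ."""
    wan_net, dmz_net = block.subnets(prefixlen_diff=1)
    return {"WAN": wan_net, "DMZ": dmz_net}


def side_of(addr, plan):
    """Name of the planned subnet that contains addr, or None."""
    return next((name for name, net in plan.items() if addr in net), None)


def isp_route(plan, next_hop):
    """Describe the route the ISP router needs (not real router syntax)."""
    return f"route {plan['DMZ']} via {next_hop}"


if __name__ == "__main__":
    plan = plan_split(BLOCK)
    print("overlap before split:", overlapping(ORIGINAL))
    print("plan:", {k: str(v) for k, v in plan.items()})
    print("webserver is on:", side_of(WEBSERVER, plan))
    print("old DMZ interface .195 is on:", side_of(ORIGINAL["DMZ"].ip, plan))
    print(isp_route(plan, ORIGINAL["WAN"].ip))
```

With this split the old DMZ interface address falls in the WAN half, so the DMZ interface has to move into the upper /27, which leaves 30 usable addresses there including the web server's.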

