[ previous ] [ next ] [ threads ]
 
 From:  Thomas Biedorf <tom at startmovie dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] How to route "real" IPs from WAN to DMZ?
 Date:  Tue, 22 Jul 2003 15:16:10 +0200
Christiaens Joachim wrote:

> For EXAMPLE, use a 1.1.1.0/27 subnet on your WAN side
> - 1.1.1.1/27 for your ISP's router
> - 1.1.1.2/27 for your m0n0-WAN
> - (1.1.1.0 = network addr, 1.1.1.31 = broadcast)
>
> and use a 1.1.1.32/27 subnet for your DMZ
> - 1.1.1.33/27 for your m0n0-DMZ
> - 1.1.1.34/27 - 1.1.1.62/27 for your servers
> - (1.1.1.32 = network addr, 1.1.1.63 = broadcast)
>
> you'll have to redefine your routes in the ISP's router for it to work,
> because it needs to push traffic for the DMZ-servers to the m0n0wall, 
> on the
> other subnet...

Ok, I understand. But I don't have the possibility to change the 
routing tables on the ISPs router :-(
The router is connected directly to the WAN interface of m0n0wall. 
Isn't there any chance to do it?
And the heck, no, I don't want to redefine all IPs of our Servers to do 
a NAT. ;-)

What I don't get is: The ISP router serves all IPs to m0n0wall. Why 
can't m0n0wall decide, where to route the remaining IPs (since m0m0wall 
needs two of them)? Would it work if I define the m0n0wall IP of the 
DMZ on our servers as a gateway?
Maybe there are some more ideas out there? Ok, I am not really an 
IP-guru, please forgive my ignorance!

BTW: Thanks Christiaens!

Kind regards,
Thomas