 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Pavel Balus <Balus dot Pavel at seznam dot cz>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ and public IP
 Date:  Sun, 10 Dec 2006 18:43:27 -0500
Is 200.200.200.162 a public IP?  If so, turn on Advanced Outbound NAT 
and do NOT make a 1:1 NAT mapping.  At that point you must also create 
firewall rules to allow whichever ports through your WAN port to 
200.200.200.162.  That should get it working (you may also need to turn 
on proxy ARP).  However, I see when I do that there is no way to specify 
which interface I wish to set up that way, and it does it for both OPT1 
and LAN.  That is obviously a problem since you have private IPs on your 
LAN.  Can anyone expand on this?  Maybe a better way is to put the 
public IP on the WAN and bridge to OPT1?

Chris

Pavel Balus wrote:
> Hello,
>
> my m0n0wall configuration is:
>
> WAN: 123.123.123.123/32
> LAN: 192.168.100.0/24
> DMZ: 200.200.200.160/30 (1 server with IP ends .162)
>
> I allowed all communication (both directions) between the WAN and DMZ interfaces. Then ICMP (ping)
> started to work. Outbound communication from the DMZ I solved with advanced outbound NAT. What I don't
> understand is why inbound TCP communication to my server in the DMZ doesn't work. I did a little research
> on my problem and finally found a solution. When I enable NAT 1:1 on the WAN interface with public IP
> 200.200.200.162/32 and private IP 200.200.200.162/32, inbound TCP communication to my server in the DMZ
> started to work. Without this, only inbound ping to my server in the DMZ works. Could somebody explain
> to me why it works? Is there another solution for m0n0wall with a public subnet on the DMZ (OPT)
> interface?
> Thank you.
>
> Pavel Balus
>