[ previous ] [ next ] [ threads ]
 
 From:  Lonnie Abelbeck <lists at lonnie dot abelbeck dot com>
 To:  m0n0wall List <m0n0wall at lists dot m0n0 dot ch>
 Cc:  Kevin Tucker <ktucker at birdstep dot com>
 Subject:  Re: [m0n0wall] Mapping through Multiple external IP
 Date:  Wed, 17 Jan 2007 19:26:24 -0600
Kevin,

Did you add Proxy ARP for each 1:1 NAT public IP?

Lonnie

On Jan 17, 2007, at 6:55 PM, Kevin Tucker wrote:

> Thanks for your reply.
>
> I did also try the 1:1 mapping which required removing the Server NAT
> first.  It didn't appear to make any difference.
>
> I've been searching everywhere and haven't found any good info to  
> solve
> this.
>
> Thanks again,
> Kevin
>
>
> -----Original Message-----
> From: Lonnie Abelbeck [mailto:lists at lonnie dot abelbeck dot com]
> Sent: Wednesday, January 17, 2007 3:40 PM
> To: Kevin Tucker
> Subject: Re: [m0n0wall] Mapping through Multiple external IP
>
> Kevin,
>
> You might want to also take a look at 1:1 NAT (with proxy arp) for
> your situation.
>
> Also, look at the list archives for FTP server setup.
>
> Lonnie
>
> On Jan 17, 2007, at 5:28 PM, Kevin Tucker wrote:
>
>> I have m0n0wall 1.2b0 (Jun19, 2005) installed and I'm trying to get
>> NAT
>> working with a secondary IP address and having problems!
>>
>>
>>
>> (Using bogus IP numbers...)
>>
>>
>>
>> To describe this a little better, I have the WAN set as static  
>> with IP
>> address 67.67.67.250/29, GW:67.67.67.249.  So I have these IPs
>> available
>> for NATing to internal servers.
>>
>>
>>
>> 67.67.67.250 (the firewall)
>>
>> 67.67.67.251 (app1)
>>
>> 67.67.67.252 (app2)
>>
>> 67.67.67.253 (ftp)
>>
>> 67.67.67.254 (app4)
>>
>>
>>
>> So I added 67.67.67.253 to ServerNAT.
>>
>> Added firewall NAT of WAN, TCP, FTP, 192.168.10.10, FT which also
>> created a Firewall rule to allow incoming TCP on 21 from any.
>>
>> I selected the 67.67.67.67.253 interface as the External Interface in
>> NAT.
>>
>> NAT autocreated the rule for me.
>>
>>
>>
>> I am unable to connect to the FTP server from an outside machine
>> through
>> the 67.67.67.253 interface.
>>
>> (I tested my FTP server by setting up NAT through my main IP address
>> first before trying this and it did work fine.)
>>
>>
>>
>> Some additional points:
>>
>>  * I did not reboot my firewall machine.
>>
>>  * The address 67.67.67.253 was being used by another machine
>> connected
>> to the same hub, but I disabled that machine's interface before  
>> trying
>> all of this.
>>
>>
>>
>> I've tried all kinds of settings in m0n0wall to try to get it to
>> actually grab and route stuff on this secondary IP, but it just
>> doesn't
>> seem to ever actually take ownership of that IP!
>>
>>
>>
>> Is there something I'm missing?  Any ideas?
>>
>>
>>
>> Kevin
>>
>>
>>
>>
>>
>>
>>
>
>