Re: [m0n0wall] multiple port 80 rules in DMZ

From:	"Chris Buechler" <cbuechler at gmail dot com>
To:	Phil <xphilz at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] multiple port 80 rules in DMZ
Date:	Fri, 23 Feb 2007 01:30:43 -0500

On 2/23/07, Phil <xphilz at gmail dot com> wrote:
> Hi all,
>
> I have my DMZ with a public IP range (OPT1 int on m0n0).
>
> I have multiple dev machines in my DMZ and I have 2 machines that now need
> port 80 opened to them.
>
> In the past, I had the 1st machine with a port 80 NAT rule and the port 80
> fw rule which works like a charm.
>
> When trying to add a 2nd machine, you cant have multiple port 80 NAT's it
> appears, kinda seems logical, I just dont know how to get around it.
>

You need multiple public IP's to open port 80 to multiple machines.
You can only open a single port to a single IP (with any firewall).

I've done this before in situations where I needed multiple web
servers on a single public IP, but it's a real hack, you really need
more than one public IP.
http://doc.m0n0.ch/handbook/thirdparty-apache-virtualhosts.html

-Chris