 
 From:  "Adi Nugraha" <Adi dot Nugraha at metrodata dot co dot id>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  1:1 NAT without IP Alias
 Date:  Wed, 7 Mar 2007 16:20:38 +0700
Hi,

I just set up a m0n0wall v 1.22 with a generic PC image, running on a
Celeron 400 MHz, 256 Mb SDRAM, with 2 3Com NICs.

Here is the diagram:

Internet --- Router --- Switch ---m0n0
				  |
				  ----- Servers

(m0n0 and the servers are connected to the same switch; both the WAN NIC and
the LAN NIC of m0n0 are in the same switch as well.)

M0n0 has 2 NICs, 1 for the WAN IP and another for the LAN IP.
I have spare IPs that I need to assign to my servers (4 Mail & 2 Web),
and to do this I can use 1:1 NAT, right?

1. Set the 1:1 NAT
2. Add the proxy ARP
3. Set the firewall rules to allow needed services to the LAN IP of the
server
4. Allow needed services out from the LAN IP of my server (is this all
correct?)

Now for the problems:

1. I can't access my services from the internet unless I specify an IP
alias for the servers. I tried resetting the proxy cache at the router
but no good. I've read in the manual that IP aliasing isn't recommended;
can anyone tell me why? I'd like to lose the IP alias if possible.

2. I get these errors on the console after a while:
xl1 : transmission error : 90
xl1 : tx underrun, increasing tx start threshold to 240 bytes
xl1 : transmission error : 90
xl1 : tx underrun, increasing tx start threshold to 300 bytes

And the errors keep adding up, normally up till 360 bytes, but I've seen
one up till 420 bytes. What does this error mean?

Thanks before


Regards

Adi Nugraha