 From:  "Adi Nugraha" <Adi dot Nugraha at metrodata dot co dot id>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 1:1 NAT without IP Alias
 Date:  Wed, 7 Mar 2007 18:39:47 +0700
-----Original Message-----
From: Adi Nugraha [mailto:Adi dot Nugraha at metrodata dot co dot id] 
Sent: Wednesday, March 07, 2007 16:21
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] 1:1 NAT without IP Alias

Hi,

I just set up a m0n0wall v 1.22 with a generic PC image, running on a
Celeron 400 Mhz, 256 Mb SDRAM, with 2 3Com NICs

here is the diagram

Internet --- Router --- Switch ---m0n0
				  |
				  ----- Servers

( m0n0 and servers are connected in the same switch, both wan NIC and
LAN NIC of m0n0 are in the same switch as well ) 

M0n0 has 2 NICs, 1 for the WAN IP and another for the LAN IP. I have spare
IPs that I need to assign to my servers ( 4 Mail & 2 Web ), and to do
this I can use 1:1 NAT, right?

1. I set the 1:1 NAT
2. Add the proxy ARP
3. Set the firewall rules to allow needed services to the LAN IP of the
server
4. Allow needed services out from the LAN IP of my server ( is
this all correct? )

Now for the problems :

1. I can't access my services from the internet unless I specify an IP
alias for the servers. I tried resetting the proxy cache at the router
but no good. I've read in the manual that IP aliasing isn't recommended;
can anyone tell me why? I'd like to lose the IP alias if possible.

2. I get these errors on the console after a while:
xl1 : transmission error : 90
xl1 : tx underrun, increasing tx start threshold to 240 bytes
xl1 : transmission error : 90
xl1 : tx underrun, increasing tx start threshold to 300 bytes

And the error keeps adding up, normally up till 360 bytes, but I've seen
one up till 420 bytes. What does this error mean?

Thanks before



Update on the problems

After a while ( around 6 hours ) the m0n0 box freezes up, as in no
connections will go through. Checking from the console and web console,
everything seems to respond OK; I can still ping from the m0n0 box, and
I can still set rules and all, but my servers are unable to accept any
connections, incoming or outgoing. After a reboot it will work again
though. Also, after the reboot, the IP alias I set is gone, but the 1:1
NAT still works, so the problem is: why did the m0n0 box freeze up the
connections? Any ideas?

Regards

Adi Nugraha 
