 From:  "Adi Nugraha" <Adi dot Nugraha at metrodata dot co dot id>
 To:  "Andreas Ferrari" <aferrari at stasoft dot ch>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 1:1 NAT without IP Alias
 Date:  Wed, 7 Mar 2007 20:43:06 +0700
Andreas,

Thanks for the suggestion. If I use server NAT, does that mean I'll have
to use advanced outbound NAT as well? I have an SPF record for my mail
servers and I'll need my mail server to send from its own IP address. I
still need to define a firewall rule to allow traffic to the LAN IP of the
server, right?

Any ideas on why the error on the console keeps coming out?


Regards

Adi Nugraha
-----Original Message-----
From: Andreas Ferrari [mailto:aferrari at stasoft dot ch] 
Sent: Wednesday, March 07, 2007 20:14
To: Adi Nugraha
Subject: Re: [m0n0wall] 1:1 NAT without IP Alias

Hi Adi

Why don't you do a Server NAT? You can give your servers a real public
IP on the m0n0 with Server NAT and then define an Inbound NAT to the real
server.
This should not be too difficult to do. If you need more security, set up
a third interface, for example called OPT.
Then your OPT net will be your DMZ. There is some little work to do but not
much; there are very good descriptions in the m0n0-doc which can be
found on m0n0.ch.
I hope this gives you some ideas, and it is sometimes good to see the
problem from another point of view than yours.

regards

Andreas

Adi Nugraha schrieb:
> -----Original Message-----
> From: Adi Nugraha [mailto:Adi dot Nugraha at metrodata dot co dot id]
> Sent: Wednesday, March 07, 2007 16:21
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] 1:1 NAT without IP Alias
> 
> Hi,
> 
> I just set up a m0n0wall v1.22 with a generic PC image, running on a
> Celeron 400 MHz, 256 MB SDRAM, with 2 3Com NICs
> 
> here is the diagram
> 
> Internet --- Router --- Switch ---m0n0
> 				  |
> 				  ----- Servers
> 
> ( m0n0 and servers are connected to the same switch; both the WAN NIC and
> LAN NIC of m0n0 are in the same switch as well )
> 
> m0n0 has 2 NICs, 1 for the WAN IP and another for the LAN IP. I have spare
> IPs that I need to assign to my servers ( 4 Mail & 2 Web ), and to do
> this I can use 1:1 NAT, right?
> 
> 1. I set the 1:1 NAT
> 2. Add the proxy ARP
> 3. Set the firewall rules to allow needed services to the LAN IP of
> the server
> 4. Allow needed services out from the LAN IP of my server
> ( is this all correct ? )
> 
> Now for the problems :
> 
> 1. I can't access my services from the internet unless I specify an IP
> alias for the servers. I tried resetting the proxy cache at the router
> but no good. I've read in the manual that IP aliasing isn't
> recommended, can anyone tell me why? I'd like to lose the IP alias if
> possible.
> 
> 2. I get these errors on the console after a while
> xl1 : transmission error : 90
> xl1 : tx underrun, increasing tx start threshold to 240 bytes
> xl1 : transmission error : 90
> xl1 : tx underrun, increasing tx start threshold to 300 bytes
> 
> And the error keeps adding up, normally up till 360 bytes, but I've
> seen one up till 420 bytes. What does this error mean?
> 
> Thanks before
> 
> 
> 
> Update on the problems
> 
> After a while ( around 6 hours ) the m0n0 box freezes up, as in no
> connections will go through. Checking from the console and web
> console, everything seems to respond OK; I can still ping from the
> m0n0 box, and I can still set rules and all, but my servers are unable
> to accept any connections, incoming or outgoing. After a reboot it
> will work again though. Also after the reboot, the IP alias I set is
> gone, but the 1:1 NAT still works, so the problem is why did the m0n0
> box freeze up the connections? Any ideas?
> 
> Regards
> 
> Adi Nugraha
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch