 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] NAT an internal address to a DMZ address?
 Date:  Wed, 30 May 2007 20:34:07 -0500
Marty Nelson wrote:
> Thanks Lee.
> 
> So there's nothing to be done with routing where we can send all traffic destined for the 192.168.75 network through the tunnel?
> 
> As far as setting up server-based NATs, can you explain further?

Wait a sec...  I think I got lost.  You are on 192.168.3.0/24 and they 
are on 192.168.75/24, but to get to them you need to "appear" to be 
10.100.2.0/24?  OK, this is doable, but you will need more boxes.  NAT 
goes out the WAN.  So you need an additional m0n0wall box.  WAN will be 
in your DMZ (10.100.2.10) and LAN will be in your LAN (192.168.3.10) and 
this box will VPN to them.  It will NOT have DHCP enabled.  You will put 
a static route in your m0n0wall box with 192.168.75.0/24 gateway at 
192.168.3.10 (Your other box) and it will work.  Messy, but the only way 
to get this hack to work that I can think of.