 From:  Marty Nelson <MNelson at transdyn dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] NAT an internal address to a DMZ address?
 Date:  Thu, 31 May 2007 08:17:51 -0700
Sorry, I forgot to mention an integral part of this.

They have a huge list of subnets that they use for their in-house networking, and one of those is
our network which is  They created the network for us to use, and
have multihomed the systems that we need to access with addresses on the .75 network.

I know this is harder than it has to be, and really appreciate the help.

Thanks again,


-----Original Message-----
From: Steve Bertrand [mailto:iaccounts at ibctech dot ca]
Sent: Thursday, May 31, 2007 7:27 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] NAT an internal address to a DMZ address?

> Wait a sec...  I think I got lost.  You are on and they
> are on 192.168.75/24, but to get to them you need to "appear" to be
>  OK, this is doable, but you will need more boxes.  NAT
> goes out the WAN.  So you need an additional m0n0wall box.  WAN will be
> in your DMZ ( and LAN will be in your LAN ( and
> this box will VPN to them.  It will NOT have DHCP enabled.  You will put
> a static route in your m0n0wall box with gateway at
> (Your other box) and it will work.  Messy, but the only way
> to get this hack to work that I can think of.


If your subnet mask at both sites is /24 (, and Lee has
it correct (you are .3 and remote is .75), then traditional routing will
work just fine from 192.168.3.x to 192.168.75.x through the VPN.

Where it won't work is if you have a /16 bitmask as opposed to the /24.
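
The /24 versus /16 point above, as an added example that is not part of the original thread: it checks whether a host would hand a packet for the remote side to its gateway (and so into the VPN) or treat the destination as on-link, and finds the shortest mask at which the two sides still separate. The host addresses 192.168.3.10 and 192.168.75.20 are constructed samples on the .3 and .75 networks, and the function names are hypothetical.

```python
import ipaddress


def next_hop(local_host, prefix, dest):
    """Decide what a host configured as local_host/prefix does with a packet for dest.

    'on-link' means the host ARPs for dest on its own segment, so the packet
    never reaches the router or the VPN. 'gateway' means it is routed.
    """
    local_net = ipaddress.ip_network(f"{local_host}/{prefix}", strict=False)
    return "on-link" if ipaddress.ip_address(dest) in local_net else "gateway"


def routable_over_vpn(host_a, host_b, prefix):
    """Plain routing works only if each side sees the other as off-subnet."""
    return (next_hop(host_a, prefix, host_b) == "gateway"
            and next_hop(host_b, prefix, host_a) == "gateway")


def shortest_separating_prefix(host_a, host_b):
    """Smallest prefix length at which the two hosts land in different subnets.

    Returns None when the addresses are identical.
    """
    diff = int(ipaddress.ip_address(host_a)) ^ int(ipaddress.ip_address(host_b))
    if diff == 0:
        return None
    common_bits = 32 - diff.bit_length()  # leading bits the addresses share
    return common_bits + 1


if __name__ == "__main__":
    local, remote = "192.168.3.10", "192.168.75.20"  # constructed sample hosts
    for prefix in (24, 16):
        print(f"/{prefix}: {local} -> {remote} goes {next_hop(local, prefix, remote)}, "
              f"routable over VPN: {routable_over_vpn(local, remote, prefix)}")
    print("shortest mask that keeps the sites apart: "
          f"/{shortest_separating_prefix(local, remote)}")
```
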

