 From:  Marty Nelson <MNelson at transdyn dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Cc:  "leesharp at hal dash pc dot org" <leesharp at hal dash pc dot org>
 Subject:  RE: [m0n0wall] NAT an internal address to a DMZ address?
 Date:  Thu, 31 May 2007 08:33:03 -0700

Hey Lee, thanks for the reply.

Basically that's right.

We are on 192.168.0.0/22 and they are on 192.168.75.0/24, however they use the 192.168.0.0/22
network internally which is why we have to make our traffic look like it's coming from our DMZ range,
10.100.2.0/24.

Your solution certainly looks doable.  You're right, it's messy, but at this point messy is fine so
long as it works.

Let me ask this.  Because I would be creating the tunnel from the newly created monowall box, I take
it I would have to NAT its WAN address (10.100.2.10/24) to a real world address in my primary box?

-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
Sent: Wednesday, May 30, 2007 6:34 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] NAT an internal address to a DMZ address?

Marty Nelson wrote:
> Thanks Lee.
>
> So there's nothing to be done with routing where we can send all traffic destined for the 192.168.75 network through the tunnel?
>
> As far as setting up server based NAT's, can you explain further?

Wait a sec...  I think I got lost.  You are on 192.168.3.0/24 and they
are on 192.168.75/24, but to get to them you need to "appear" to be
10.100.2.0/24?  OK, this is doable, but you will need more boxes.  NAT
goes out the WAN.  So you need an additional m0n0wall box.  WAN will be
in your DMZ (10.100.2.10) and LAN will be in your LAN (192.168.3.10) and
this box will VPN to them.  It will NOT have DHCP enabled.  You will put
a static route in your m0n0wall box with 192.168.75.0/24 gateway at
192.168.3.10 (Your other box) and it will work.  Messy, but the only way
to get this hack to work that I can think of.
