 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Bob Young <bob at lavamail dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1:1 NAT or M0n0 in bridge ?
 Date:  Tue, 04 Sep 2007 16:48:32 -0400
Do you have the ability to route public addresses?  If so, you could 
route a small subnet to your customer through your m0n0wall and be done 
with it.  It is my experience that customers don't want you 
administering their IP, they just want it.  Of course you would need to 
watch the traffic and block things accordingly (like when he becomes 
infected with some virus and starts sending out 1 million emails a day).
If you have customers I have to assume you are already monitoring their 
traffic.

Chris

Bob Young wrote:
> Let's say I have the following setup, and a customer, who wants a public
> static IP, is connected to M0n0wall, by a PTP wireless system.
>
> Internet > M0n0wall (with 1:1 NATing) > PTP wireless system > customer
> router (NATed with private static IP on wan) > switch > rest of customer
> network
>
> Just think of the bridged wireless system, as a long Ethernet cable.
>
> I understand that with 1:1 NATing, the customer would have a private static
> IP address on the WAN port of his router... and I would have to configure a
> public static IP in the 1:1 NATing section of my M0n0wall. 
>
> Wouldn't this 1:1 NATing allow the customer to remote into his network, just
> the same as if my M0n0wall was in bridge mode and the customer had a
> public static IP address on the WAN port of his router?
>
> But, I have heard that some applications on the customer's computer (that he
> might try to access remotely... maybe via VPN), may not work properly, unless
> the WAN port of the customer's router actually had a public static IP
> address. I'm not sure how true that is.   I hope it isn't true, since it
> seems that 1:1 NAT would be better than operating my M0n0wall in bridge
> mode.
>
> So I could use some comments on this.
>
> I would think that 1:1 NATing would even have some advantages, such as the
> inherent security of NAT.
>
> Thanks for any comments on this.