 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Jérôme Simionato <jerome at cyber dash fr dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Multiple Wan IP with PPPOE
 Date:  Thu, 12 Feb 2004 18:47:22 +0100
> My question is simple:
> is there another way to make a PPPoE connection with multiple IPs work ???
> is it possible to use the WAN card to assume my public range 
> (xx.xx.xx.193/28) and let DMZ in another subnet (10.10.10.0/24) with 
> NAT Inbound ???

Sure! You can use 1:1 NAT if you have enough public IP addresses to give 
each of your DMZ servers its own, or server NAT if you need to be able to 
map individual ports on each of your public IPs to different servers. In 
any case, just assign a private subnet to your DMZ interface and add the 
desired 1:1 (or server NAT + inbound) mappings. No proxy ARP required 
for PPPoE.

Also, don't forget that you shouldn't allow DMZ servers to connect back 
to LAN (or at least only on a very limited set of ports/IPs) - use "not 
LAN subnet" as the destination for your DMZ rule.

- Manuel
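
An added illustration, not part of the original message and not m0n0wall's own configuration format: a small Python model of the DMZ rule described above, comparing a "DMZ to any" pass rule with "DMZ to not LAN subnet" plus one narrow exception. The `Rule` class, the LAN subnet 192.168.1.0/24, the exception host and port, and the default-block behaviour are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN subnet
DMZ = ipaddress.ip_network("10.10.10.0/24")    # DMZ subnet from the question
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    """Simplified pass rule on the DMZ interface (hypothetical model)."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_not: bool = False          # True means "not <dst>"
    port: Optional[int] = None     # None means any destination port

    def matches(self, src, dst, port):
        in_dst = ipaddress.ip_address(dst) in self.dst
        return (ipaddress.ip_address(src) in self.src
                and in_dst != self.dst_not
                and self.port in (None, port))

def allowed(rules, src, dst, port):
    """Pass if any pass rule matches; anything else is blocked (assumed default)."""
    return any(r.matches(src, dst, port) for r in rules)

# Weak: DMZ -> any also lets a compromised DMZ server reach the LAN.
weak = [Rule(DMZ, ANY)]

# DMZ -> "not LAN subnet", plus one narrow exception (constructed values).
hardened = [
    Rule(DMZ, ipaddress.ip_network("192.168.1.10/32"), port=514),
    Rule(DMZ, LAN, dst_not=True),
]

def lan_exposure(rules, src="10.10.10.5", ports=(22, 80, 445, 514)):
    """Return the (LAN host, port) pairs a DMZ host can reach under `rules`."""
    return sorted((str(h), p) for h in LAN.hosts() for p in ports
                  if allowed(rules, src, str(h), p))

if __name__ == "__main__":
    print("weak rule exposes", len(lan_exposure(weak)), "LAN host/port pairs")
    print("hardened rules expose", lan_exposure(hardened))
```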