|
||||||||||
Thanks ! but, if i set WAN -> PPPOE, the IP adresse assigned to the interface is xx.xx.xx.xx/32 I can set DMZ to 10.10.10.193/28 (subnet of my public range) and use NAT 1:1 (10.10.10.192/28 -> xx.xx.xx.192/28) , but how m0n0wall know how to route packet to xx.xx.xx.193/28 (my public range) ??? Just by specify NAT 1:1 (10.10.10.192/28 -> xx.xx.xx.192/28) ??? - jérôme > Jérôme Simionato wrote: > >> My question is simple: >> is it an other way to made PPPOE connection with multiple IP to work ??? >> is it possible to use the WAN card to assume my public range >> (xx.xx.xx.193/28) and let DMZ in an other subnet (10.10.10.0/24) with >> NAT Inbound ??? > > > Sure! You can use 1:1 NAT if you have enough public IP addresses to > give each of your DMZ server its own, or server NAT if you need to be > able to map individual ports on each of your public IPs to different > servers. In any case, just assign a private subnet to your DMZ > interface and add the desired 1:1 (or server NAT + inbound) mappings. > No proxy ARP required for PPPoE. > > Also, don't forget that you shouldn't allow DMZ servers to connect > back to LAN (or at least only on a very limited set of ports/IPs) - > use "not LAN subnet" as the destination for your DMZ rule. > > - Manuel |