 From:  Hilton Travis <Hilton at QuarkAV dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Custom RDR NAT rules: How to add?
 Date:  Mon, 16 Feb 2004 14:06:00 +1000
Hi Dave,

On Mon, 2004-02-16 at 12:11, dave wrote:
> Now my question:
> We all know about the DNS overrides that need to be in place in order 
> for LAN hosts to be able to access DMZ hosts by hostname. On OpenBSD, I 
> overcame this problem with RDR NAT rules which said basically:
> rdr xl0 <public ip address> port 80 -> port 80 tcp
> Where xl0 is my LAN interface and the public ip address is whatever 
> dmz.host.com resolves to. This worked beautifully.
> How would I go about adding a similar rule using exec.php?? Is it 
> possible?

Using the features available in the webGUI, go to the "DNS Forwarder"
page, and down the bottom you'll see the "overrides" section.

Add an entry such as:
Host	Domain		IP		Description
Virgil	example.com	Virgil (in the DMZ)

> Also, is there a chance we might someday see a checkmark in the webgui 
> along the lines of "Add Server/1:1 NAT RDR rules from LAN" to accomplish 
> the same thing?

The functionality you need - DNS overrides for DMZ machines - is already
in the webGUI.

> Lastly, is there any particular reason why this might *not* be a good 
> idea? If I'm way off with this, I'd definitely like to know.

It is a good idea.  It is also implemented already.  :)



Hilton Travis                   Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
         Quark Computers         http://www.QuarkAV.com/
(Brisbane, Australia)            http://www.QuarkAV.net/

Open Source Projects:		http://www.ares-desktop.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.