 From:  Steve Yates <steve at teamITS dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Server NAT with multiple IPs allows too much traffic
 Date:  Wed, 11 Aug 2010 12:31:13 -0500
I'm working on setting up a second IP address in m0n0wall v1.32.  So far the NAT redirections for
it seem to be working fine, however, connections on the second IP that are not supposed to work are
getting redirected as if they are coming in on the first IP address.  For instance, a connection on
port 25 on the second IP is behaving as if it is coming in on the first IP, instead of being
rejected as I would expect.

The setup:

- Server NAT has the second IP address set up
- Proxy ARP has the second IP address set up
- inbound NAT rule is set on "interface address" for port 25

Is the correct way to "solve" this to add the original IP to the Server NAT area, and update those
NAT rules to use that IP instead of "interface address," or should I set a firewall rule to block
traffic for port 25 on the second IP?

One other possible clue... if I ping the second IP from the WAN, I get either "Destination Host
Unreachable" or:

PING x.x.x.43 (x.x.x.43) from x.x.x.1: 56 data bytes
36 bytes from x.x.x.42: Redirect Host(New addr: x.x.x.43)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 c00b   0 0000  40  01 3854 x.x.x.1  x.x.x.43 
Thanks,
Steve
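The behaviour described in the post (a port-25 redirect keyed on "interface address" also catching connections to the second WAN IP) and the two fixes the poster considers can be checked with a small model before touching a live firewall. The following is an added example written for this thread, not m0n0wall code and not the poster's configuration: the addresses, the internal target and the rule semantics (an "interface address" rule matching every address bound to the WAN interface, and an explicit block being evaluated on the untranslated destination before NAT) are assumptions made to illustrate the problem, and `exposed_services` is a hypothetical audit helper that lists which (WAN IP, port) pairs a rule set actually redirects.

```python
"""Model of destination NAT on a WAN interface that carries two addresses.

Constructed example: IPs, ports and matching semantics are assumptions chosen
to illustrate the post, not m0n0wall's implementation.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Assumption: a rule keyed on "interface address" matches ANY address bound to
# the WAN interface, which is what the post observes on the second IP.
INTERFACE_ADDRESS = "interface address"


@dataclass(frozen=True)
class NatRule:
    proto: str
    dst_ip: str        # literal WAN IP or INTERFACE_ADDRESS
    dst_port: int
    target: str        # "internal_ip:port" the connection is redirected to


@dataclass(frozen=True)
class BlockRule:
    proto: str
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_ip: str
    dst_port: int


def nat_lookup(rules: Iterable[NatRule], wan_addrs: Set[str], pkt: Packet) -> Optional[str]:
    """Return the redirect target for pkt, or None when no NAT rule matches."""
    for r in rules:
        if r.proto != pkt.proto or r.dst_port != pkt.dst_port:
            continue
        if r.dst_ip == INTERFACE_ADDRESS and pkt.dst_ip in wan_addrs:
            return r.target
        if r.dst_ip == pkt.dst_ip:
            return r.target
    return None


def is_blocked(blocks: Iterable[BlockRule], pkt: Packet) -> bool:
    return any(b.proto == pkt.proto and b.dst_ip == pkt.dst_ip
               and b.dst_port == pkt.dst_port for b in blocks)


def classify(rules: List[NatRule], blocks: List[BlockRule],
             wan_addrs: Set[str], pkt: Packet) -> str:
    """Outcome for one inbound packet. Assumption: an explicit block rule on
    the untranslated destination is checked before the NAT lookup."""
    if is_blocked(blocks, pkt):
        return "blocked"
    target = nat_lookup(rules, wan_addrs, pkt)
    return f"redirect->{target}" if target else "no-rule"


def exposed_services(rules: List[NatRule], blocks: List[BlockRule],
                     wan_addrs: Set[str], ports: Iterable[int]) -> Set[Tuple[str, int]]:
    """Audit helper (hypothetical): every (WAN IP, TCP port) pair that a rule set
    would redirect inward, so unintended exposure on a new IP is visible."""
    exposed = set()
    for ip in sorted(wan_addrs):
        for port in ports:
            outcome = classify(rules, blocks, wan_addrs, Packet("tcp", ip, port))
            if outcome.startswith("redirect->"):
                exposed.add((ip, port))
    return exposed


# Constructed values: primary WAN IP, newly added second IP, internal mail host.
WAN_ADDRS = {"203.0.113.42", "203.0.113.43"}
SMTP_TO_SECOND = Packet("tcp", "203.0.113.43", 25)
SMTP_TO_PRIMARY = Packet("tcp", "203.0.113.42", 25)

# As configured in the post: port-25 rule keyed on "interface address".
AS_POSTED = [NatRule("tcp", INTERFACE_ADDRESS, 25, "192.168.1.10:25")]
# Option 1 from the post: key the rule on the primary IP explicitly.
EXPLICIT_IP = [NatRule("tcp", "203.0.113.42", 25, "192.168.1.10:25")]
# Option 2 from the post: keep the rule, block port 25 on the second IP.
BLOCK_SECOND = [BlockRule("tcp", "203.0.113.43", 25)]


def compare() -> Dict[str, str]:
    """Outcome of an SMTP connection to the second IP under each rule set."""
    return {
        "as_posted": classify(AS_POSTED, [], WAN_ADDRS, SMTP_TO_SECOND),
        "explicit_ip": classify(EXPLICIT_IP, [], WAN_ADDRS, SMTP_TO_SECOND),
        "block_rule": classify(AS_POSTED, BLOCK_SECOND, WAN_ADDRS, SMTP_TO_SECOND),
        "primary_still_works": classify(EXPLICIT_IP, [], WAN_ADDRS, SMTP_TO_PRIMARY),
    }


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name:20s} {outcome}")
    print("exposed as posted:", sorted(exposed_services(AS_POSTED, [], WAN_ADDRS, [25])))
    print("exposed explicit :", sorted(exposed_services(EXPLICIT_IP, [], WAN_ADDRS, [25])))
```

Running `exposed_services` over the ports a rule set forwards is the check worth doing whenever an address is added to the interface: under the model, the "interface address" rule exposes port 25 on both WAN IPs, while the explicit-IP rule (or the added block) leaves only the primary IP redirected.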