 From:  Terry Yim <tallnthin17 at yahoo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT between OPT1 and LAN
 Date:  Fri, 12 Nov 2010 13:32:09 -0800 (PST)
David,

Thank you for your suggestion.

The idea of doing the NAT is to prevent the user in OPT1 from seeing/knowing the LAN's IP subnet through the
printer IPs.  I was trying to tie down the security.

Luckily, the printers have the option to put in a default GW, which is the m0n0wall LAN interface
10.31.0.10.

I shall try taking out the NAT rules and see how m0n0wall behaves.

-Terry

--- On Thu, 11/11/10, David Burgess <apt dot get at gmail dot com> wrote:

> From: David Burgess <apt dot get at gmail dot com>
> Subject: Re: [m0n0wall] NAT between OPT1 and LAN
> To: 
> Cc: m0n0wall at lists dot m0n0 dot ch
> Date: Thursday, November 11, 2010, 7:36 PM
> On Thu, Nov 11, 2010 at 12:48 PM, Terry Yim <tallnthin17 at yahoo dot com> wrote:
> 
> > I have a user on OPT1 (10.79.0.10) that needs to access 3 printers inside the LAN (10.31.0.40-10.31.0.42).

> (10.79.0.40 -> 10.31.0.40 and so on) with proxy ARP on
> all those IPs.
> 
> 
> If the printers are or can be configured with a default route (which
> they would get from dhcp if they're using it), then there is no need
> to set up a single NAT rule for this. Save yourself the trouble.
> 
> If the network printers won't take a default gateway then you need new printers.
> 
> db
> 