|
||||||||
David, Thank you for your suggestion. The idea of doing the NAT is to prevent the user in OPT1 to see/know the LAN's IP subnet through the printer IPs. I was trying to tie down the security. Luckily, the printers have the option to put in a default GW, which is the m0n0wall LAN interface 10.31.0.10. I shall try taking out the NAT rules and see how m0n0wall behaves. -Terry --- On Thu, 11/11/10, David Burgess <apt dot get at gmail dot com> wrote: > From: David Burgess <apt dot get at gmail dot com> > Subject: Re: [m0n0wall] NAT between OPT1 and LAN > To: > Cc: m0n0wall at lists dot m0n0 dot ch > Date: Thursday, November 11, 2010, 7:36 PM > On Thu, Nov 11, 2010 at 12:48 PM, > Terry Yim <tallnthin17 at yahoo dot com> > wrote: > > > I have a user on OPT1 (10.79.0.10) that needs to > access 3 printers inside the LAN (10.31.0.40-10.31.0.42). > I have created 3 NAT rule on the OPT1 interface > (10.79.0.40 -> 10.31.0.40 and so on) with proxy ARP on > all those IPs. > > > If the printers are or can be configured with a default > route (which > they would get from dhcp if they're using it), then there > is no need > to set up a single NAT rule for this. Save yourself the > trouble. > > If the network printers won't take a default gateway then > you need new printers. > > db > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > |