 From:  bmah at acm dot org (Bruce A. Mah)
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  Federico Krum <federico at thehost dot com dot ar>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Biginner:Multiples WAN IPs
 Date:  Sun, 24 Aug 2003 16:17:01 -0700
If memory serves me right, Manuel Kasper wrote:
> On Sun, 24 Aug 2003, Federico Krum wrote:
> 
> > 1) Is there a way to make m0n0wall listen to multiple IPs over the WAN
> > and forward them to specific IPs over the LAN servers?
> 
> 1:1 NAT is probably what you're looking for. Or if they have public IPs,
> you can make do without NAT at all (i.e. turn it off).
> 
> > 2) I own a rack in a datacenter with 9 servers, each one with a public
> > IP. I'm looking for a firewall to protect these 9 CPUs. These servers do
> > dns, ftp, http... etc. and they have to be able to connect to each other
> > through their host name and not their private IP. For this reason I quit

> 
> Connect all of them to a switch, hook up m0n0wall to it, set up the subnet
> mask/default gateway on all of your servers correctly, then set up BIND on
> one of your servers or use the DNS forwarder in m0n0wall to map host names
> to IP addresses... Something like that should do the trick.

It sounds to me like the OP may want my filtering bridge patches for
m0n0wall.  This lets the servers use their public IP addresses for
everything, no NAT or other addressing hacks required, but they get the
benefit of m0n0wall's "normal" stateful firewall rules.

Basically, apply the filtering bridge patches to m0n0wall, put the
m0n0wall box between the servers' switch and the uplink, bridge the
interface facing the servers with the WAN port, set up firewall rules to
permit whatever desired traffic on the WAN port, and you're done.  This
should be totally transparent to the servers.

Bruce.