 From:  Cam Johnson <camjohnson at yahoo dot com>
 To:  bmah at acm dot org
 Cc:  Manuel Kasper <mk at neon1 dot net>, Federico Krum <federico at thehost dot com dot ar>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Biginner:Multiples WAN IPs
 Date:  Sun, 24 Aug 2003 19:45:40 -0500
Can you please let me know where I can get these patches?

Cam Johnson

Bruce A. Mah wrote:
> If memory serves me right, Manuel Kasper wrote:
> 
>>On Sun, 24 Aug 2003, Federico Krum wrote:
>>
>>
>>>1) Is there a way to make m0n0wall listen to multiple IPs over the WAN
>>>and forward them to specific IPs over the LAN servers?
>>
>>1:1 NAT is probably what you're looking for. Or if they have public IPs,
>>you can make do without NAT at all (i.e. turn it off).
>>
>>
>>>2) I own a rack in a datacenter with 9 servers, each one with a public
>>>IP. I'm looking for a firewall to protect these 9 CPUs. These servers do
>>>DNS, FTP, HTTP, etc. and they have to be able to connect to each other
>>>through their host name and not their private IP. For this reason I quit

>>
>>Connect all of them to a switch, hook up m0n0wall to it, set up the subnet
>>mask/default gateway on all of your servers correctly, then set up BIND on
>>one of your servers or use the DNS forwarder in m0n0wall to map host names
>>to IP addresses... Something like that should do the trick.
> 
> 
> It sounds to me like the OP may want my filtering bridge patches for
> m0n0wall.  This lets the servers use their public IP addresses for
> everything, no NAT or other addressing hacks required, but they get the
> benefit of m0n0wall's "normal" stateful firewall rules.
> 
> Basically, apply the filtering bridge patches to m0n0wall, put the
> m0n0wall box between the servers' switch and the uplink, bridge the
> interface facing the servers with the WAN port, set up firewall rules to
> permit whatever desired traffic on the WAN port, and you're done.  This
> should be totally transparent to the servers.
> 
> Bruce.
> 
>