 From:  "Federico Krum" <federico at thehost dot com dot ar>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Biginner:Multiples WAN IPs
 Date:  Mon, 25 Aug 2003 00:20:11 -0300
Thx Manuel for your response, but let me tell you all a short story,

I have a USR8000 broadband router. It supports only one IP at the WAN. It
can be configured to forward traffic from the WAN ports to specific private
IPs. So is the case that I have one linux apache box hearing at port 88 of
incoming traffic and a W2000Server at port 80.
My point is that the broadband router, without having a separate dns, nor
special configuration of any DNSForwarder or nothing, can make me reach the
servers from both, WAN CPUs and LAN CPUs.

Is this possible to do with m0n0wall? Is this a good thing to add to the wish
list? Because I can't find a firewall distro that can do the trick that easily.
I think this is a standard requirement for a firewall protecting servers
with multiple public IPs.
It is necessary for me not to duplicate administrative work by maintaining 2
DNSs (1 for wan, other for lan) or filling DNSForwarder rules after changing
DNS configs.

The reason why I don't use USR8000 is because I need multiple IPs on WAN.


On Sun, 24 Aug 2003, Federico Krum wrote:

> 1) Is there a way to make m0n0wall listen to multiple IPs over the WAN
> and forward them to specific IPs over the LAN servers?

1:1 NAT is probably what you're looking for. Or if they have public IPs,
you can make do without NAT at all (i.e. turn it off).

> 2) I own a rack in a datacenter with 9 servers, each one with a public
> IP. I'm looking for a firewall to protect these 9 CPUs. These servers do
> dns, ftp, http... etc. and they have to be able to connect to each other
> through their host name and not their private IP. For this reason I quit
> IPcop. It didn't let me. Is m0n0wall the right product for me?

Connect all of them to a switch, hook up m0n0wall to it, set up the subnet
mask/default gateway on all of your servers correctly, then set up BIND on
one of your servers or use the DNS forwarder in m0n0wall to map host names
to IP addresses... Something like that should do the trick.

- Manuel