[ previous ] [ next ] [ threads ]
 
 From:  Falcor <falcor at netassassin dot com>
 To:  Andy Chan <andychan at ziptexhk dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT Port Mapping and Bind more IP to WAN
 Date:  Sat, 20 Mar 2004 10:44:24 -0600
to add a new ARP address to the WAN...
1.) on the menu under firewall select NAT
2.) Select the server NAT tab
3.) click the plust icon
4.) in External IP enter the additional WAN ip address here.
5.) Do enter a description.
6.) Select Save
7.) Select to apply changes

Now go do a proxy ARP so your upstream gets an ARP from your firewall
and thus routes traffic to you. (unless of course you have a subnet
directed at you from the upstream and then this is moot.)
1.) Under Services on the menu select Proxy ARP
2.) Click the plus icon
3.) Select single address
4.) Enter the same address you use in step 4 in the process above
5.) description, use one.
6.) Save
7.) Apply Changes

Okay you are all set. Now if you want to do outbound natting to this IP
you will need to manually setup those rules. Otherwise the firewall will
use the outbound NAT to the primary WAN IP address. What we did will
work for inbound traffic no problem, just make firewall rules allowing
those redirections... see previous post for those directions.

Andy Chan wrote:

>Dear all,
>
>I have try many time to configure the NAT Port Mapping, but I fail in configure it.
>
>                        203.128.248.6                              192.168.1.1                 
192.168.1.2
>Internet ---------------WAN Port---------m0n0wall----------LAN Port-----------------------PCs
>                        Port:5900                                  Port:5900
>
>
>I configure "NAT -> Inbound" and clock "Auto-add a firewall rule to permit traffic through this NAT
rule. after all, I try to connect using "VNC Viewer". But I can't success. Please advice
>
>I also have other question, how to configure WAN Port to contain more than 1 WAN IPaddress. I check
the mailing list. Please advice.
>
>
>
>
>
>Best Regards,
>Andy Chan
>
>  
>