[ previous ] [ next ] [ threads ]
 From:  Juergen Moellenhoff <jm at oic dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  How to configure MonoWall for public IPs on LAN/DMZ?
 Date:  Thu, 25 Mar 2004 17:03:15 +0100

I searched the mailing list and saw that it's possible to turn off the 
NAT-Feature of MonoWall so that I can use public IPs on the LAN/DMZ 
interface (with Smoothwall or IPCop I can't do this) and now I just try 
to figure out how to configure everything correctly (I'm a network noob :)).

My net/configuration for MonoWall looks like this:

Net:      xxx.xxx.240.0
Netmask: or /25
Range:    xxx.xxx.240.1 to xxx.xxx.240.126
LAN-IP    xxx.xxx.240.1

Net:      xxx.xxx.233.8
Netmask: or /30
Gateway:  xxx.xxx.233.9
WAN-IP:   xxx.xxx.233.10

I thought to cut some IPs from the LAN-Net for the DMZ for example the 
range from xxx.xxx.240.113 to xxx.xxx.240.126 (Net xxx.xxx.240.112, 
Netmask or /28) but I don't know if this really works 
because the LAN has still the range from 1 to 126 through the /25 mask 
and when I use a /26 mask the range is to small, is there another 
solution or is it not a problem at all?

For the "rest" I just have to turn on "Enable advanced outbound NAT" so 
that MonoWall uses no NAT, right? And then I can add rules to Block/Pass 
traffic for LAN/DMZ/WAN?

Is this in short the way I can configure MonoWall for public IPs on 
LAN/DMZ or is there something I missed? I'm open for any suggestions 
especially for the DMZ part .