Re: [m0n0wall] help do configure NAT 1:1 on the two m0n0wall boxes

From:	"Toledo" <lscrlstld at yahoo dot com dot br>
To:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] help do configure NAT 1:1 on the two m0n0wall boxes
Date:	Thu, 15 Apr 2004 13:38:28 -0300
Trying a another more simple tests, the nat 1:1 not running too..
but, when I add the "ifconfig alias" command manually (exec.php)
on the wan interface it (nat 1:1) work fine... is it a bug ?

I am using pb27r630 version,

thx

> Hi Toledo,
>
> I'm by no means an expert on this topic, but until you hear from the
> more knowledable people on the list:
>
> Seeing that 200.666.666.3 isn't your primary WAN IP, you may very well
> need to add this IP in "Proxy ARP" (but if I understand it correctly,
> the need for this depends on how your ISP does things?)
>
> I'm also guessing that one possible cause for your problems is the
> fact that you use the WAN interface on your second m0n0wall (the
> router). While I guess this might work, it really isn't what it was
> intended for (and might require certain things on both m0n0walls to be
> configured correctly?) If you have three interfaces in the second
> m0n0wall, I'd suggest you try using the OPT1 instead of WAN, this way
> m0n0wall doesn't make any assumptions about the interface.
>
> You will probably also want to enable "Advanced Outbound NAT", so you
> have full control over what gets NAT'ed and what doesn't.
>
> Finally, why not save the NAT'ing for the router, like this:
>
> On m0n0wall 1:
> Pass on WAN from any to 200.666.666.3
> Pass on LAN from 200.666.666.3 to any
>
> On m0n0wall 2:
> NAT 1:1 200.666.666.3 <-> 192.168.66.2
> Pass on WAN from any to 192.168.66.2
> Pass on LAN from 192.168.66.2 to any
>
> Dunno if this is better, just a suggestion for something to try if the
> above doesn't solve the problem.
>
> I hope any of this helps, otherwise you'll have to wait for those
> gurus to respond :)
>
>
> Regards,
>
> Adam.
>
> Toledo wrote:
> > Hi all...
> >
> > Anybody can give me a heltp to configure this network below?
> >
> >       (Internet)
> >             |
> >             |200.666.666.2 (IP WAN)
> >             |200.666.666.3 (NAT 1:1)
> >     +------------+
> >      |m0n0wall  1 |->(as firewall)
> >     +------------+
> >             | LAN/wi0 (hostap)
> >             | 192.168.1.1
> >             |
> > (Wireless link 10KM)
> >             |
> >             | WAN/wi0 (BSS)
> >             | 192.168.1.2 (no NAT)
> >    +-----------+
> >     |m0n0wall 2 |->(as router)
> >    +-----------+
> >             | LAN/xl0
> >             | 192.168.66.1
> >             |
> >             | 192.168.66.2
> >    +----------+
> >     |     my       |
> >     |   server    |
> >    +----------+
> >
> > I make this configurations, but not running....
> > - Added NAT 1:1 in the m0n0wall 1 200.666.666.3 -> 192.168.66.2
> > - Added firewall rule on the LAN in the m0n0wall 1 to pass from
192.168.66.2
> > to any
> > - Added firewall rule on the WAN in the m0n0wall 1 to pass from any to
> > 192.168.66.2
> >
> > - Added firewall rule on the WAN in the m0n0wall 2 to pass from any to
> > 192.168.66.2
> > - Added firewall rule on the LAN in the m0n0wall 2 to pass from
192.168.66.2
> > to any
> > - Disabilited all nat in the m0n0wall 2
> >
> > thks
> > Toledo
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>