I've got a broadband Internet connection with a static IP address. I also purchased a /29 subnet from my ISP. My static IP is xx.xx.xx.20/26 with a gateway of xx.xx.xx.62. My /29 subnet is xx.xx.xx.81-86. (Yes, all the x's represent the same numbers.) I've got one inbound NAT for port 22 on a machine in the LAN.

I've tried bridging my DMZ nic with the WAN nic, with & without filtering. I've tried using 192.168.2.* on the DMZ and doing 1:1 NAT. I've tried Server NAT. I've tried each combination with & without Proxy ARP. The only time the xx.xx.xxx.82 comes back with anything, it connects to the inbound NAT port 22 going to the LAN machine.

I can't get this to work! I know I can do 1:1 NAT if I put my servers in my LAN, but that's not a Good Idea(tm). Can anyone give me some assistance, please?

Kevin

P.S. - Here's my config file, as of right now:

<?xml version="1.0"?>
<m0n0wall>
  <version>1.4</version>
  <system>
    <hostname>m0n0wall</hostname>
    <domain>home.bogus</domain>
    <dnsallowoverride/>
    <username>admin</username>
    <password>************</password>
    <timezone>America/Denver</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>ntp1.tummy.com</timeservers>
    <webgui>
      <protocol>http</protocol>
      <port/>
      <certificate/>
      <private-key/>
    </webgui>
    <dnsserver>xx.x.xxx.210</dnsserver>
    <dnsserver>xx.x.xxx.206</dnsserver>
  </system>
  <interfaces>
    <lan>
      <if>rl0</if>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
    </lan>
    <wan>
      <if>rl2</if>
      <blockpriv/>
      <spoofmac/>
      <mtu/>
      <ipaddr>xx.xx.xxx.20</ipaddr>
      <subnet>26</subnet>
      <gateway>xx.xx.xxx.62</gateway>
    </wan>
    <opt1>
      <if>rl1</if>
      <descr>DMZ</descr>
      <ipaddr>xx.xx.xxx.81</ipaddr>
      <subnet>29</subnet>
      <bridge/>
      <enable/>
    </opt1>
  </interfaces>
  <staticroutes/>
  <pppoe/>
  <pptp/>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
    <host/>
    <mx/>
  </dyndns>
  <dhcpd>
    <lan>
      <enable/>
      <range>
        <from>192.168.1.100</from>
        <to>192.168.1.199</to>
      </range>
    </lan>
  </dhcpd>
  <pptpd>
    <mode/>
    <redir/>
    <localip/>
    <remoteip/>
  </pptpd>
  <dnsmasq>
    <enable/>
    <regdhcp/>
    <hosts>
      <host>bigblue</host>
      <domain>home.bogus</domain>
      <ip>192.168.2.22</ip>
      <descr>freebsd</descr>
    </hosts>
    <hosts>
      <host>gatewaypc</host>
      <domain>home.bogus</domain>
      <ip>192.168.1.4</ip>
      <descr>Gentoo RAID Jukebox and Print Server</descr>
    </hosts>
  </dnsmasq>
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag>
    <ipv6nat>
      <ipaddr/>
    </ipv6nat>
  </diag>
  <bridge/>
  <syslog>
    <reverse/>
    <nentries>50</nentries>
    <remoteserver/>
    <nologdefaultblock/>
  </syslog>
  <nat>
    <rule>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>192.168.1.4</target>
      <local-port>22</local-port>
      <descr>access to gatewaypc</descr>
    </rule>
    <rule>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>192.168.1.4</target>
      <local-port>22</local-port>
      <descr>firewall-safe access to ssh</descr>
    </rule>
  </nat>
  <filter>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.1.4</address>
        <port>22</port>
      </destination>
      <descr>NAT access to gatewaypc</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
        <port>6881-6889</port>
      </source>
      <destination>
        <network>lan</network>
        <port>6881-6889</port>
      </destination>
      <descr>bittorrent</descr>
    </rule>
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
  </filter>
  <shaper/>
  <ipsec/>
  <aliases/>
  <proxyarp> </proxyarp>
</m0n0wall>
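
A consistency check over the addressing in the configuration posted above, as an added example that is not part of the original message and not m0n0wall code. It reports whether each non-WAN interface subnet lies inside the WAN subnet and lists dnsmasq host and NAT target addresses that fall in no configured subnet. The 203.0.113 octets (standing in for the masked ones), the trimmed sample and all function names are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the structure of the posted config, trimmed. The masked
# octets are replaced by the documentation prefix 203.0.113 (an assumption).
SAMPLE = """<?xml version="1.0"?>
<m0n0wall>
  <interfaces>
    <lan><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <wan><ipaddr>203.0.113.20</ipaddr><subnet>26</subnet></wan>
    <opt1><descr>DMZ</descr><ipaddr>203.0.113.81</ipaddr><subnet>29</subnet></opt1>
  </interfaces>
  <dnsmasq>
    <hosts><host>bigblue</host><ip>192.168.2.22</ip></hosts>
    <hosts><host>gatewaypc</host><ip>192.168.1.4</ip></hosts>
  </dnsmasq>
  <nat><rule><external-port>22</external-port><target>192.168.1.4</target></rule></nat>
</m0n0wall>"""

def interface_networks(root):
    """Map each interface tag to the network implied by <ipaddr>/<subnet>."""
    nets = {}
    for iface in root.find("interfaces"):
        addr, bits = iface.findtext("ipaddr"), iface.findtext("subnet")
        if addr and bits:
            nets[iface.tag] = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
    return nets

def position_relative_to_wan(nets):
    """Say whether each non-WAN subnet lies inside the WAN subnet."""
    wan = nets["wan"]
    return {name: "inside-wan-subnet" if net.subnet_of(wan) else "outside-wan-subnet"
            for name, net in nets.items() if name != "wan"}

def addresses_outside_all_subnets(root, nets):
    """List dnsmasq hosts and NAT targets that fall in no interface subnet."""
    refs = [(h.findtext("host"), h.findtext("ip")) for h in root.findall("dnsmasq/hosts")]
    refs += [("nat:" + r.findtext("external-port"), r.findtext("target"))
             for r in root.findall("nat/rule")]
    return [(label, ip) for label, ip in refs
            if not any(ipaddress.ip_address(ip) in net for net in nets.values())]

def audit(xml_text):
    """Parse a config and return (networks, WAN relationship, stray addresses)."""
    root = ET.fromstring(xml_text)
    nets = interface_networks(root)
    return nets, position_relative_to_wan(nets), addresses_outside_all_subnets(root, nets)

if __name__ == "__main__":
    for part in audit(SAMPLE):
        print(part)
```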