 From:  Kai Dittmann <kd dash news at devnull dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  InBound NAT based on Source-IP (Host or Range) ?
 Date:  Thu, 06 May 2004 11:54:04 +0200

Just a quick question, since I didn't find
anything regarding this issue in the archive:

Is it possible to set up a Source-IP based (P)NAT
(InBound) on m0n0 like the one found on IPcop or Smoothwall?

Host-A on Internet connects to m0n0-ExtIF, Port 1701/UDP (L2Sec)
and will be translated to a given Server, called A in the DMZ.

Host-B on Internet connects to m0n0-ExtIF, also Port 1701/UDP
and will be translated to a *different* Server, called B on a
*different* DMZ behind m0n0.

Net-C on Internet connects the same way to m0n0, but should be
translated to a *third* Server in the first DMZ...

With Smoothwall and/or IPcop it's possible to set up a NAT
based on the Source-IPs or Source-IP Ranges of Hosts on
the Internet.


BTW: This is _really_ the last missing feature that keeps me on
platforms based on IPcop or Smoothwall. Everything else fits quite
perfectly for the given setup here!

If this is possible, I have to immediately change all our gateways
away from those two implementations above to m0n0. IPcop and Smooth
are great products, but in my opinion and understanding of firewalls,
way too oversized... I don't need a Squid, Snort or other things in
my Border-Gateways/Firewalls. This stuff is placed on dedicated machines behind
the walls in a Router-LAN.