 From:  sylikc <sylikc at gmail dot com>
 To:  Joe Lagreca <lagreca at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] HowTo multiple IP adresses on my WAN?
 Date:  Thu, 5 Aug 2004 12:22:56 -0700

Joe,

On Thu, 5 Aug 2004 11:13:07 -0700, Joe Lagreca <lagreca at gmail dot com> wrote:
> Would it be possible to do a 1:1 like this: xxx.xxx.xxx.147/32 ->
> 192.168.1.90   ?
> 
> Once you create the mapping, how do you create rules to allow traffic
> to come in from these IPs?  A specific example, just for testing,
> would be VNC.  I want to pass 5900 from xxx.xxx.xxx.147 to
> 192.168.1.90.  Would I just pass from the WAN, any source, source port
> 5900, destination 66.146.190.147, destination port 5900?

The rule is not source port 5900; usually source ports will be
1024-65535 for all incoming connections.  The rule that would allow a
client to VNC into your internal box would look like this:
source: any
source port: 1024-65535
dest 192.168.1.90:5900 (TCP)

As far as my understanding from using other FreeBSD-based products, the
destination shouldn't be your external IP but instead the one that
it's mapped to.  I don't have more than 1 IP to test with so I can't
confirm, but I'm pretty sure that's the case.  Try that out and let me
know if it works out ;)


/sylikc
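
The rule discussed in this message, modelled as an added example (not part of the original e-mail and not m0n0wall code). It assumes inbound 1:1 NAT rewrites the destination before the filter rules are evaluated, as the reply suggests; 203.0.113.147 and 198.51.100.7 are constructed stand-ins for the masked public address and a remote client.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address

# Constructed stand-in for the masked public address in the thread.
EXTERNAL = ip_address("203.0.113.147")
INTERNAL = ip_address("192.168.1.90")
ONE_TO_ONE = {EXTERNAL: INTERNAL}  # 1:1 NAT mapping on the WAN interface

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: object
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    dst: object
    dport: int
    sport_range: tuple = (1024, 65535)  # ephemeral client ports
    proto: str = "tcp"

    def matches(self, p):
        lo, hi = self.sport_range
        return (p.proto == self.proto and p.dst == self.dst
                and p.dport == self.dport and lo <= p.sport <= hi)

def wan_inbound(packet, rules):
    """Assumed order: translate the destination, then filter (default deny)."""
    translated = replace(packet, dst=ONE_TO_ONE.get(packet.dst, packet.dst))
    return any(r.matches(translated) for r in rules), translated

# Constructed VNC client connecting from an ephemeral source port.
client = Packet("198.51.100.7", 49152, EXTERNAL, 5900)

rule_internal_dst = Rule(dst=INTERNAL, dport=5900)  # rule from the reply
rule_external_dst = Rule(dst=EXTERNAL, dport=5900)  # destination = public IP
rule_sport_5900 = Rule(dst=INTERNAL, dport=5900, sport_range=(5900, 5900))

if __name__ == "__main__":
    for name, rule in [("dest = internal IP", rule_internal_dst),
                       ("dest = external IP", rule_external_dst),
                       ("source port 5900", rule_sport_5900)]:
        allowed, _ = wan_inbound(client, [rule])
        print(f"{name:20} -> {'pass' if allowed else 'block'}")
```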