 From:  Joe Lagreca <lagreca at gmail dot com>
 To:  "C. Falconer" <cfalconer at avonside dot school dot nz>
 Cc:  Monowall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Nat behind a NAT a bad idea?
 Date:  Sun, 8 Aug 2004 16:28:36 -0700
Are you suggesting having two m0n0walls?  That is an interesting idea,
but I would rather just have one.

Or are you just suggesting I do a 1:1 for some machines and NAT for
others using one m0n0wall?

I have 5 public IPs that I can use.  I use one for my own NAT'ed
network in the office.  So that leaves me with 4 other public IPs.  I
can use one more of those for all my clients who don't need their own
public IP.  That leaves me with 3 public IPs that I can give to
customers who want their own IP.  This is where it gets tricky... I
only have 1 wireless access point to connect to all of my clients that
will be on the roof.  So would I have to run two Ethernet cables to
the AP, 1 from OPT1 for NAT'ed clients and another from OPT2 for
public IP clients?  Will that cause a network loop?



On Mon, 09 Aug 2004 09:12:00 +1200, C. Falconer
<cfalconer at avonside dot school dot nz> wrote:
> Why do you need two nats?
> How about
> ISP----Mono as router-------your box (routed IP, not nat)
>                     +------your other box (routed IP, not nat)
>                     +------your other other box (routed IP, not nat)
>                     +------Mono doing NAT
>                                 +-----------Other user #1
>                                 +-----------Other user #2
>                                 +-----------Other user #n
> I don't know if mono can route some IPs and NAT other IPs...  Someone else
> can answer that.
> -----Original Message-----
> From: Joe Lagreca [mailto:lagreca at gmail dot com]
> Sent: Saturday, 7 August 2004 5:59 a.m.
> To: Monowall List
> Subject: [m0n0wall] Nat behind a NAT a bad idea?
> I have a /29 network with 5 useable external IP addresses.  I want to share
> my connection with others.  However I expect more than 5 other people
> wanting to share my connection, so I will need some sort of NAT incorporated
> into my design.  I am using m0n0wall as my main gateway, and off-the-shelf
> wireless routers at each user's location.
> While laying out my network, I repeatedly ended up with a NAT behind a NAT
> design.  I wasn't sure if that was an acceptable or poor design. I've read
> of others doing this (that doesn't necessarily make it
> correct) and was wondering what others thought about it.
> If I do use it in my design, what sort of problems should I expect and how
> can I overcome them?
> Joe