 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <gregbrown at mindspring dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] port forwarding, DHCP, and a routing question
 Date:  Wed, 18 Aug 2004 13:14:49 -0400
I think a little more detailed answer is called for.

Greg, get the CD-ROM iso and try it on a PC with 2 or 3 NICs, you'll like
it.
_________________________________
James W. McKeand

> -----Original Message-----
> From: zealot [mailto:zealot at tradersguild dot net] 
> Sent: Wednesday, August 18, 2004 11:39 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] port forwarding, DHCP, and a routing question
> 
> gregbrown at mindspring dot com wrote:
> > Does the M0n0wall software support port forwarding?  I'd like requests
> > coming from the Internet for ports 22, 80, and 443 to go to a server
> > on my private 192.168.15.0 network.  Do the firewall rules support
> > this feature?
> 
> Yes.

Look into the NAT section of the Firewall. When you create an inbound NAT,
you have an option to automatically create a firewall rule to allow the
traffic. You also will have some options based on your WAN configuration. Do
you get multiple IPs from your ISP? If so, you may want to look at Server NAT
or 1:1 NAT.

> 
> > Also, I've read on tom's hardware that the DHCP server in M0n0wall can
> > be configured to run on as many interfaces as you would like as
> > opposed to running on one single interface.  I think I must have misread this..
> > however if I have not I would expect that with a soekris 3 port board I could:
> >
> > 1. have ethernet 0 connect to the Internet and NAT everything destined to
> >     that port (DHCP address received from my ISP on Ethernet 0)
> > 2. have ethernet 1 provide DHCP range of 192.168.17.100-254 to network 1
> > 3. have ethernet 2 provide DHCP range of 192.168.18.100-254 to network 2
> >
> > Is this possible?  If so, is there a simple routing firewall rule that
> > I can use to state:
> 
> Yes.

In the Services -> DHCP you will have a tab for each of your "internal"
interfaces, i.e. LAN and OPTn. You can enable/disable and configure the DHCP
for each of these interfaces. I only have DHCP running on my LAN2 (I renamed
my OPT1 to LAN2), I already had a DHCP on my LAN. My LAN2 is for my home and
LAN is for my office. And each is a different subnet (172.16.123.x/24 and
192.168.123.x/24).

> 
> > Ethernet 1 sends all its traffic to Ethernet 0 which is NAT'ed to the Internet.
> > Also Ethernet 1 cannot send any data to Ethernet 2 - all packets are dropped.
> 
> Yes.

The default rule on the LAN interface of allow LAN -> any would need to be
changed to allow LAN -> not LAN2. Assuming Ethernet 1 is LAN and Ethernet 2
is LAN2.

> 
> > also:
> >
> > Ethernet 2 sends all its traffic to Ethernet 0 which is NAT'ed to the Internet.
> > Also Ethernet 2 cannot send any data to Ethernet 1 - all packets are dropped.
> >
> > Is this possible?
> 
> Yes.

You would need to add a rule on the LAN2 interface to allow LAN2 -> not LAN.
Same assumptions as above.

> 
> > Greg
> 
> Regards,
> z
> 
> 
>
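
An added example, not part of the original message and not m0n0wall's own code: a small Python model of the per-interface pass rules described in the reply above ("LAN -> not LAN2" and "LAN2 -> not LAN"), contrasted with the default "LAN -> any" rule. The /24 masks, the sample addresses, the assumption that unmatched traffic is dropped, and the `allowed` helper are all assumptions made for illustration.

```python
import ipaddress

# Subnets built from the DHCP ranges in Greg's question; the /24 mask is assumed.
NETS = {
    "LAN": ipaddress.ip_network("192.168.17.0/24"),   # Ethernet 1
    "LAN2": ipaddress.ip_network("192.168.18.0/24"),  # Ethernet 2
    "any": ipaddress.ip_network("0.0.0.0/0"),
}

# Rule = (arrival interface, source net, destination net, negate destination).
# The default rule on LAN, which lets LAN reach LAN2 as well as the Internet.
DEFAULT_RULES = [("LAN", "LAN", "any", False)]

# The rules suggested in the reply.
ISOLATED_RULES = [
    ("LAN", "LAN", "LAN2", True),    # pass LAN  -> not LAN2
    ("LAN2", "LAN2", "LAN", True),   # pass LAN2 -> not LAN
]

def allowed(iface, src, dst, rules=ISOLATED_RULES):
    """True if a pass rule on the arrival interface matches; otherwise drop."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for r_iface, r_src, r_dst, negate in rules:
        if r_iface != iface or src_ip not in NETS[r_src]:
            continue
        in_dst = dst_ip in NETS[r_dst]
        # With negate set, the rule matches only when dst is outside the net.
        if in_dst != negate:
            return True
    return False  # assumed default: anything not explicitly passed is dropped

if __name__ == "__main__":
    # Constructed sample flows: (interface, source, destination).
    flows = [
        ("LAN", "192.168.17.100", "198.51.100.7"),     # LAN  -> Internet
        ("LAN", "192.168.17.100", "192.168.18.100"),   # LAN  -> LAN2
        ("LAN2", "192.168.18.100", "198.51.100.7"),    # LAN2 -> Internet
        ("LAN2", "192.168.18.100", "192.168.17.100"),  # LAN2 -> LAN
    ]
    for iface, src, dst in flows:
        before = allowed(iface, src, dst, DEFAULT_RULES)
        after = allowed(iface, src, dst)
        print(f"{iface:4} {src:15} -> {dst:15} default={before} isolated={after}")
```

With only the default rule, LAN2 has no pass rule at all in this model, so the "LAN2 -> not LAN" rule is what gives it Internet access while keeping it away from LAN.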