[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Adrian Wiesmann <awiesmann at swordlord dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Question concerning 1:1 NAT / DMZ
 Date:  Sat, 18 Oct 2003 10:22:38 +0200 (CEST)
On Sat, 18 Oct 2003, Adrian Wiesmann wrote:

> - Is there any plan to introduce some DMZ handling in the main m0n0wall
> release? (Would be very usable to have the 3rd interface active too. DMZ
> handling would be very easy like that...)

Umm, excuse me? You can have as many so-called optional interfaces as you
want, just use the console menu "assign network ports" to make them
active. What you call them is up to you - in earlier m0n0wall versions,
there was just LAN, WAN and a fixed DMZ interface - now you can have as
many of them as you want.

> - In the configuration in m0n0wall: Firewall:NAT in the 1:1 tab, there is
> some comment, that the defined rules will not be set active unless the WAN
> interface's adress is static. This is not true and very much missleading.
> I had some very nice and hard trackable behaviour because of this.

Sorry, but give me a break... I'll revise the comment to say that they
won't be active if the WAN interface is configured via DHCP (because
dhclient likes to throw away all aliases when it's run on an interface).
PPPoE and PPTP should work.

> - Can I set multiple 1:1 NAT definitions from multiple external adresses
> to one single internal address?

That should work, yes.

- Manuel