First of all - *NEVER* give out real public IPs. Just good practice to
obscure the IP (use x.y.z.208 for example) when communicating to a list. I'm
a good guy, I cannot speak for everyone who receive mail from the list. I
want to think that everyone is a good guy, but that would be naive. Off the
soap box on to the questions...
Assuming that the subnet information you gave is correct (does not make
sense to me - see below) and your router is .208. You are correct on
assigning .209 with a /32 subnet to the WAN interface of your m0n0wall using
.208 as your gateway.
I would use Server NAT, this allows additional External IPs in inbound NAT.
Then set a inbound NAT for an external IP to port 3389 on the Win2003
Internal IP (this would need to be static). Don't forget to auto-create
firewall rule! ;-) You could also add any other inbound traffic you need for
the server - SMTP, DNS, HTTP, HTTPS, etc.
I believe that your config is the type that needs Proxy ARP. I would set it
for the range .210-.212. I don't think you have a "subnet routed to you" as
standard subnetting rules do not allow the range you specify. With a 28, 29,
or 30 bit mask (last octet of mask is 240, 248, 252 respectively) the IP
ending with .208 turns out to be a network ID (i.e. cannot use). Then again
you know this, you did state that you have 32 bit masks for the IPs supplied
by your provider.
As always, if I am incorrect - someone correct me...
James W. McKeand
From: Fantuzzi SAS [mailto:fantuzzilorenzo at tuttopmi dot it]
Sent: Friday, September 24, 2004 1:52 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Static public IP, m0n0 and terminal server
I have my static public Ip addresses (range 126.96.36.199-212) (Subnet mask
The router has now the LAN address 188.8.131.52 I think to put this
address in m0n0 WAN interface, static Ip configuration, Gateway. And put
another of my Ip addresses, maybe 184.108.40.206 in WAN interface, static Ip
configuration, Ip address with subnet /32.
I need to access my Win2003 server from remote wan by terminal server.
So I think to use 1:1 nat and hand .210-212 to internal lan machines, and
open port 3389 in Nat section of m0n0 I am doing any mistakes or this is the
right configuration ?
Many thanks and kind regards,