[ previous ] [ next ] [ threads ]
 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Fantuzzi SAS'" <fantuzzilorenzo at tuttopmi dot it>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Static public IP, m0n0 and terminal server
 Date:  Fri, 24 Sep 2004 14:31:14 -0400
On the NAT page:
On the Server NAT tab add the .210 address Give it a description to help you
remember why you did this.

On the Inbound tab add a NAT with the following:
Interface:  WAN
External address: The drop down will now include the .210 address
Protocol:  TCP 
External port range from:    (other) 3389  
                      to:    (other) 3389  
NAT IP: Internal IP of your Server (i.e. 192.168.1.10)
Local port:  (other) 3389 
Description: (put something to help you remember what this is for...)
Check the "Auto-add a firewall rule to permit traffic through this NAT rule"
check box.

On the Proxy ARP page:
Add "Single Address" (i.e. .210) Give it a good description.

That should do it. If you do not intend to use .211 and .212 you do not need
to add them to the Proxy ARP page. You also might want to create an alias.
This will allow you to use a simple name (like "Win2k3" or server name)
instead of an IP in the NAT IP above. If you need to change the internal IP
you just edit the alias

Good luck.

_________________________________
James W. McKeand


-----Original Message-----
From: Fantuzzi SAS [mailto:fantuzzilorenzo at tuttopmi dot it] 
Sent: Friday, September 24, 2004 10:27 AM
To: James W. McKeand
Subject: Re: [m0n0wall] Static public IP, m0n0 and terminal server

Hello James,
many thanks for your answer , of course these are not really my public
static Ip.
Now I would like to ask you some other tips about my m0n0 configuration.
I think to use the 3th static Ip address (222.217.42.210) for connect a
remote pc  to my win2003 (192.168.1.10) server of my internal lan.
M0n0 will do the Nat from 222.217.42.210 to 192.168.10, right ?
But there I must put 222.217.42.210 in m0n0 configuration to do this ?
I don't need to use the other static public Ip addresses (.211 and .212)
Kind regards,

Fabio





----- Original Message -----
From: "James W. McKeand" <james at mckeand dot biz>
To: "'Fantuzzi SAS'" <fantuzzilorenzo at tuttopmi dot it>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, September 24, 2004 3:52 PM
Subject: RE: [m0n0wall] Static public IP, m0n0 and terminal server


> First of all - *NEVER* give out real public IPs. Just good practice to
> obscure the IP (use x.y.z.208 for example) when communicating to a list.
I'm
> a good guy, I cannot speak for everyone who receive mail from the list. I
> want to think that everyone is a good guy, but that would be naive. Off
the
> soap box on to the questions...
>
> Assuming that the subnet information you gave is correct (does not make
> sense to me - see below) and your router is .208. You are correct on
> assigning .209 with a /32 subnet to the WAN interface of your m0n0wall
using
> .208 as your gateway.
>
> I would use Server NAT, this allows additional External IPs in inbound
NAT.
> Then set a inbound NAT for an external IP to port 3389 on the Win2003
> Internal IP (this would need to be static). Don't forget to auto-create
> firewall rule! ;-) You could also add any other inbound traffic you need
for
> the server - SMTP, DNS, HTTP, HTTPS, etc.
>
> I believe that your config is the type that needs Proxy ARP. I would set
it
> for the range .210-.212. I don't think you have a "subnet routed to you"
as
> standard subnetting rules do not allow the range you specify. With a 28,
29,
> or 30 bit mask (last octet of mask is 240, 248, 252 respectively) the IP
> ending with .208 turns out to be a network ID (i.e. cannot use). Then
again
> you know this, you did state that you have 32 bit masks for the IPs
supplied
> by your provider.
>
> As always, if I am incorrect - someone correct me...
>
> _________________________________
> James W. McKeand
>
>
> -----Original Message-----
> From: Fantuzzi SAS [mailto:fantuzzilorenzo at tuttopmi dot it]
> Sent: Friday, September 24, 2004 1:52 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Static public IP, m0n0 and terminal server
>
>
> I have my static public Ip addresses (range 222.217.42.208-212) (Subnet
mask
> 255.255.255.255)
> The router has now the LAN address 222.217.42.208 I think to put this
> address in m0n0 WAN interface, static Ip configuration, Gateway. And put
> another of my Ip addresses, maybe 222.217.42.209 in WAN interface, static
Ip
> configuration, Ip address with subnet /32.
> I need to access  my Win2003 server from remote wan by terminal server.
> So I think to use 1:1 nat and hand .210-212 to internal lan machines, and
> open port 3389 in Nat section of m0n0 I am doing any mistakes or this is
the
> right configuration ?
>
> Many thanks and kind regards,
>
> Fabio
>
>
>
>
>