On the NAT page:
On the Server NAT tab add the .210 address Give it a description to help you
remember why you did this.
On the Inbound tab add a NAT with the following:
External address: The drop down will now include the .210 address
External port range from: (other) 3389
to: (other) 3389
NAT IP: Internal IP of your Server (i.e. 192.168.1.10)
Local port: (other) 3389
Description: (put something to help you remember what this is for...)
Check the "Auto-add a firewall rule to permit traffic through this NAT rule"
On the Proxy ARP page:
Add "Single Address" (i.e. .210) Give it a good description.
That should do it. If you do not intend to use .211 and .212 you do not need
to add them to the Proxy ARP page. You also might want to create an alias.
This will allow you to use a simple name (like "Win2k3" or server name)
instead of an IP in the NAT IP above. If you need to change the internal IP
you just edit the alias
James W. McKeand
From: Fantuzzi SAS [mailto:fantuzzilorenzo at tuttopmi dot it]
Sent: Friday, September 24, 2004 10:27 AM
To: James W. McKeand
Subject: Re: [m0n0wall] Static public IP, m0n0 and terminal server
many thanks for your answer , of course these are not really my public
Now I would like to ask you some other tips about my m0n0 configuration.
I think to use the 3th static Ip address (184.108.40.206) for connect a
remote pc to my win2003 (192.168.1.10) server of my internal lan.
M0n0 will do the Nat from 220.127.116.11 to 192.168.10, right ?
But there I must put 18.104.22.168 in m0n0 configuration to do this ?
I don't need to use the other static public Ip addresses (.211 and .212)
----- Original Message -----
From: "James W. McKeand" <james at mckeand dot biz>
To: "'Fantuzzi SAS'" <fantuzzilorenzo at tuttopmi dot it>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, September 24, 2004 3:52 PM
Subject: RE: [m0n0wall] Static public IP, m0n0 and terminal server
> First of all - *NEVER* give out real public IPs. Just good practice to
> obscure the IP (use x.y.z.208 for example) when communicating to a list.
> a good guy, I cannot speak for everyone who receive mail from the list. I
> want to think that everyone is a good guy, but that would be naive. Off
> soap box on to the questions...
> Assuming that the subnet information you gave is correct (does not make
> sense to me - see below) and your router is .208. You are correct on
> assigning .209 with a /32 subnet to the WAN interface of your m0n0wall
> .208 as your gateway.
> I would use Server NAT, this allows additional External IPs in inbound
> Then set a inbound NAT for an external IP to port 3389 on the Win2003
> Internal IP (this would need to be static). Don't forget to auto-create
> firewall rule! ;-) You could also add any other inbound traffic you need
> the server - SMTP, DNS, HTTP, HTTPS, etc.
> I believe that your config is the type that needs Proxy ARP. I would set
> for the range .210-.212. I don't think you have a "subnet routed to you"
> standard subnetting rules do not allow the range you specify. With a 28,
> or 30 bit mask (last octet of mask is 240, 248, 252 respectively) the IP
> ending with .208 turns out to be a network ID (i.e. cannot use). Then
> you know this, you did state that you have 32 bit masks for the IPs
> by your provider.
> As always, if I am incorrect - someone correct me...
> James W. McKeand
> -----Original Message-----
> From: Fantuzzi SAS [mailto:fantuzzilorenzo at tuttopmi dot it]
> Sent: Friday, September 24, 2004 1:52 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Static public IP, m0n0 and terminal server
> I have my static public Ip addresses (range 22.214.171.124-212) (Subnet
> The router has now the LAN address 126.96.36.199 I think to put this
> address in m0n0 WAN interface, static Ip configuration, Gateway. And put
> another of my Ip addresses, maybe 188.8.131.52 in WAN interface, static
> configuration, Ip address with subnet /32.
> I need to access my Win2003 server from remote wan by terminal server.
> So I think to use 1:1 nat and hand .210-212 to internal lan machines, and
> open port 3389 in Nat section of m0n0 I am doing any mistakes or this is
> right configuration ?
> Many thanks and kind regards,