[ previous ] [ next ] [ threads ]
 
 From:  "Jason J. Ellingson" <jason at ellingson dot com>
 To:  "'Mads Westermann'" <Mads at Westermann dot dk>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Newbie - NAT Question
 Date:  Thu, 14 Oct 2004 19:24:42 -0500
Your LAN should be NATed (10.45.1.x) and the Opt1 should be bridged with the
WAN.

Make sure bridged filtering is turned on (System | Advanced). 
------------------------------------------------------------
Jason J Ellingson
Technical Consultant

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
jason at ellingson dot com

-----Original Message-----
From: Mads Westermann [mailto:Mads at Westermann dot dk] 
Sent: Thursday, October 14, 2004 4:54 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Newbie - NAT Question

For 3 consequtive days I have been fighting to get m0n0wall up and running
to replace my old PIX and I cannot figure out what I'm doing wrong.

The setup is as follows:

m0n0wall on an old PIII, 600 Mhz with 3 NIC's (fxp0, xl0 and xl1) fxp0 is my
WAN, xl0 is my OPT1 interface and xl1 is my LAN interface.

I have 80.120.x.224/28 as public IP-addresses that are routed by my ISP to
80.52.xx.154 which is my WAN IP address. Default route for the WAN is
80.52.xx.153.

What I want to achieve is to have 80.120.x.224/28 adresses on the LAN
without any NAT but with firewalling. On the OPT1 interface I want to have a
class C 10.45.1.x network and I want to be able to access the internet from
both these internal networks just as I want to be able to access the LAN
network from the OPT1 network and vice-versa. I.o.w. the OPT1 network should
be NAT'd.

As soon as I have the above working I would like to do traffic shaping on
the LAN to reserve bandwidth for VoIP and next step will be to allow outside
access using PtPP or IPSec.

What I have tried so far is to assign the 80.120.x.225 to my LAN NIC and
80.52.xx.154 to my WAN. The OPT1 is configured to 10.45.1.1. Trying to ping
through this was unsuccessful and likewise with advanced outbound NAT
enabled.

If someone can guide me in the right direction I'd be a very happy man.

Best regards

Mads Westermann  | Tel.  +45 4871 4457      | Most people have a desire 
Bylyngen 38,     | GSM   +45 4057 4557      | to look at the exception 
Blistrup         | Fax   +45 4871 8857      | instead of a desire to be 
DK-3230 Graested |                          | exceptional. 
Denmark          | Email Mads at Westermann dot dk |         - John C. Maxwell 



---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch