News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: Server NAT Setup
Pages: [1]
Topic: Server NAT Setup  (Read 1770 times)
« on: May 13, 2008, 02:37:05 »
MTecknology *
Posts: 2
First the problem -

I can't get my external IP's to be usable. When I try to Inbound NAT the traffic using the m0n0wall IP, everything works. When I try to NAT everything the exact same way using one of my external IP's, it doesn't work. I've given the system over one week to sync w/ PrarieWave since I was out of town for a while.

I imagine I'm just missing something retartedly simple.

Thanks,


Then the details -

I have three interfaces: WAN/LAN/OPT1
WAN:
   IP Address: 24.111.173.18/29
   Gateway: 24.111.173.17
   DNS 1: 24.220.0.10
   DNS 2: 24.220.0.11

LAN:
   IP Address: 192.168.1.1/24

OPT1:
   IP Address: 192.168.0.124
   Bridge with: none

Server NAT:
   24.111.173.19   profarius
   24.111.173.20   vindico
   24.111.173.21   kabbalah
   24.111.173.22   redbull

Inbound NAT:
   WAN      TCP      80 (HTTP)      192.168.0.12 (ext.: 24.111.173.21)    80 (HTTP)    kabbalah: http

That is one of the Inbound NAT rules. I also 443, 22, and many more.
« Reply #1 on: May 13, 2008, 12:51:44 »
markb ****
Posts: 331
There are I believe 2 ways to do what you want.  The most popular when you have an external subnet like you have is to have the OPT1/DMZ interface bridged with the WAN interface.  This way your external IP addresses are used in your DMZ, look here for more info.  The other way which more closely represents your existing setup, is to use Proxy ARP.  For more info on this, look at this, Section 4.5.5 and also here

I would use the first way as you have a DMZ subnet.

Hope this helps
« Reply #2 on: May 13, 2008, 15:37:45 »
MTecknology *
Posts: 2
hrm... This is the first time I used these forums. I have to say I really like the sleek design as well as logged in options vs. not logged in options.

I stuck with Proxy ARP because is seemed like the easiest thing to impliment and I did it over a PPTP connection. It worked 100% flawlessly to add those IP's to Proxy ARP.

I'm looking at the DMZ option. Would this setup require each server to have its own IP or could I split this up one IP to two servers?

Thanks,
-Mike
« Reply #3 on: May 13, 2008, 17:54:01 »
ChainSaw
Guest
Server NAT will allow you forward ports to any internal private IP and requires NAT and WAN rules.  1:1 NAT requires only WAN rules and NATs all ports to the same server.  I don't beleive you can Traffic Shape a Bridged Interface so I seldom use it unless I need public IP on my servers and can live without TS.

CS...
« Last Edit: May 13, 2008, 17:56:06 by ChainSaw »
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines