Firewall/NAT

Hi

I have 10 public IP's coming in from the WAN

WWW - Monowall - SW1(45 users) - SW2(45 users)

I have a monowall using just one of these and using dhcp/nat for giving local IP's 192.168.x.x to the aprox. 90 users on the network.

Now one guy on SW2 wants a static IP. Probably a few more would like too.

I have tried to do some reading on this site but haven't figured out yet: Is it possible to keep using dhcp/nat on the local network (192.168.x.x for the majority) and at the same time let a few computers have a public IP?

BR. Anders

DHCP Server settings page, at bottom of page use the MAC address of the computer needing a static IP to make sure that the MAC address of the computer always pull the same IP from your LAN DHCP.

In NAT rules create 1:1 rule to point public IP to the LAN IP assigned to the computer above.

Add WAN firewall rule to allow traffic coming in on the public IP to reach computer LAN IP.

If the MAC address changes you will need to update the DHCP server rule to reflect the new MAC address.


Someone else may have a different/better way of doing what you need. I have only been testing with m0n0wall for a few days but the above works for me.

Super! Thanks for your post

I actually ended up using a different router since I could not figure it out with the m0n0. But the setup you describe is better than the one I use now.

As it is now (with a different router) I have DHCP running for the entire LAN and then I have set up one extra static IP for the LAN. The end user is informed how to set up his IP for the maschine that need the static IP. But should anyone else (on LAN) be clever enough to copy his IP-settings then the could highjack his IP... This could be solved using VLANs, but I have not (and do not know howto) set that up.

In your m0n0wall setup with assigning the static IP to a MAC you have made sure that noone on LAN can copy the settings. That is great for assigning static IP's on LAN.

BR. Anders