Topic: One-to-One NAT questions
« Reply #15 on: August 28, 2007, 04:09:50 »
eddiefdz *
Posts: 6

OK...this is for Simonetterli.

You want this to work for you, it's very simple. First of all, I am sure you have a set of public IPs that you have received from your T1/DSL provider. What you have will look something like this:

69.123.123.70-75 /28 (that would be the range of usable public addresses, by the way, I am making that up)
69.123.0.1 (Default GW)
68.123.123.5 (DNS1)
68.123.123.6 (DNS2)

OK, so now you have these 5 shiny new addresses that you want to run all of these neat services through. First thing to do is to decide whether you want to use 1:1 NAT or server NAT. If I were you, I would use 1:1 NAT, and the reason that I say that is because it will be much easier for you to create the rules. The downside is that you will lose your first address because it will be your WAN interface address and you cannot use it as one of the 1:1 addresses.

So now you have a server, let's say you want to use it for web serving and email serving. So you know that you will want to open ports 80, 443, 25, 110, 143. First thing to do would be to give this server an IP address on your internal segment. So if you are using 192.168.0.0/24 for your LAN segment, let's say you assign 192.168.0.10 to your new web box.

Now you get on your m0n0wall router (which I assume you have already configured with your WAN interface address of 69.123.123.70, or whatever it is) and head on over to the 1:1 NAT section. Add a new rule and set the following:

External Subnet: 69.123.123.71/32 (remember you start with 71 because you used 70 as your WAN interface address)

Internal Subnet: 192.168.0.10/32 (static ip of your web/email box)

Description: Web/email server

and make sure to leave the checkbox with the auto add proxy arp rule.

Once you are done, apply the changes. Now, go over to the "rules" section and begin to add ports in order to allow your services. On the rules section, it should look something like this as you begin to add rules.

PROTO     SOURCE   PORT   DESTINATION    PORT   DESCRIPTION
tcp/udp   *        *      192.168.0.10   80     allow http to my web/email box
tcp/udp   *        *      192.168.0.10   25     allow smtp to my web/email box

You get the picture... and that's it. It will work. All you have to do now is go back and repeat the steps above for the rest of your public IPs.

Let me know if that helped you out or confused you.....

Eddie.
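
Added example (not part of the post above and not m0n0wall code): a small Python check of a 1:1 NAT plan like the one described in the reply above, run before the entries are typed into the router. It flags an external address that is also the WAN interface address, internal hosts outside the LAN segment and duplicate mappings, then lists the firewall rules with the internal address as destination. The function names are hypothetical and the addresses are the made-up ones from the post.

```python
import ipaddress

def check_one_to_one(wan_ip, lan_net, mappings):
    """Return a list of problems in a 1:1 NAT plan (empty list means OK).
    mappings: list of (external_ip, internal_ip, description) tuples."""
    wan = ipaddress.ip_address(wan_ip)
    lan = ipaddress.ip_network(lan_net)
    problems, seen_ext, seen_int = [], set(), set()
    for ext, internal, descr in mappings:
        e, i = ipaddress.ip_address(ext), ipaddress.ip_address(internal)
        if e == wan:
            problems.append(f"{descr}: external {e} is the WAN interface address")
        if i not in lan:
            problems.append(f"{descr}: internal {i} is outside LAN {lan}")
        if e in seen_ext:
            problems.append(f"{descr}: external {e} is mapped more than once")
        if i in seen_int:
            problems.append(f"{descr}: internal {i} is mapped more than once")
        seen_ext.add(e)
        seen_int.add(i)
    return problems

def build_rules(mappings, services):
    """One rule per opened port; destination is the internal address,
    as in the rule table in the post.
    services: {internal_ip: [(port, label), ...]}"""
    rules = []
    for ext, internal, descr in mappings:
        for port, label in services.get(internal, []):
            rules.append({"proto": "tcp/udp", "source": "*", "dest": internal,
                          "port": port, "descr": f"allow {label} to {descr}"})
    return rules

# Constructed sample data, using the made-up addresses from the post.
WAN, LAN = "69.123.123.70", "192.168.0.0/24"
GOOD = [("69.123.123.71", "192.168.0.10", "web/email box")]
BAD = [("69.123.123.70", "192.168.0.10", "a"),   # reuses the WAN address
       ("69.123.123.72", "192.168.1.10", "b"),   # host not on the LAN segment
       ("69.123.123.72", "192.168.0.11", "c")]   # external address used twice
SERVICES = {"192.168.0.10": [(80, "http"), (443, "https"), (25, "smtp"),
                             (110, "pop3"), (143, "imap")]}

if __name__ == "__main__":
    for p in check_one_to_one(WAN, LAN, BAD):
        print("PROBLEM:", p)
    for r in build_rules(GOOD, SERVICES):
        print(r["proto"], r["source"], "*", r["dest"], r["port"], r["descr"])
```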

« Reply #16 on: August 29, 2007, 01:46:08 »
mcruzinc21 *
Posts: 1

Hi all, I am trying to set up my One-to-One NAT on my Linksys. I paid Linksys and they still can't do anything for me. I want my database server to have a public IP so I can remotely log in from home or other locations. Can anyone help please!!!!!!!!

miguel

mcruz@staffstore.com
« Reply #17 on: September 03, 2007, 05:55:59 »
cmb *****
Posts: 851

Hi all, I am trying to set up my One-to-One NAT on my Linksys. I paid Linksys and they still can't do anything for me. I want my database server to have a public IP so I can remotely log in from home or other locations. Can anyone help please!!!!!!!!

err...  this is a m0n0wall support forum. Not a place to get help for your Linksys. I think Linksys probably has their own forums.  But AFAIK, Linksys devices can't do 1:1 NAT, you need a real commercial-grade firewall (like m0n0wall) for that.
 