General Questions

Hi,

i have 5 public ip-adresses.

I want the following:

All public ip-adresses are bind to the wan-adapter.
all internal-ip-adresses are bind to the lan-port - means:

1. Public IP-adress is routed to one internal ip-adress
e.g. on the wan-port the X.X.X.226 ==> 192.168.0.1
2. Public IP-adress is routed to one internal ip-adress
e.g. on the wan-port the X.X.X.227 ==> 192.168.0.2

an so on...

BUT - on all communications NAT has to be done - and firewall-rules must match - means:

on ext. ip X.X.X.226 only http & https is allowed
on ext. ip X.X.X.227 only rdp is allowed

So - can the monowall do this ( means - can the monowall react as 5x dsl-routers ) ?

Thanxs for a note - and thanxs for the great job with the monowall..

Andy

Absolutely. To bind the external IPs you need to use Proxy ARP and then add the necessary NAT rules to pass the traffic to your LAN machines.  You can also configure the rules to let only the traffic you want from those machines to go out.  If you wish them to go out as the external IP's you will have to configure a 1:1 NAT for them.  Have a read through the Monowall handbook and you should get some info on how to do this.

Absolutely. To bind the external IPs you need to use Proxy ARP and then add the necessary NAT rules to pass the traffic to your LAN machines.  You can also configure the rules to let only the traffic you want from those machines to go out.  If you wish them to go out as the external IP's you will have to configure a 1:1 NAT for them.  Have a read through the Monowall handbook and you should get some info on how to do this.

OK - short question: Why Proxyarp - what has arp to do with the external ips?

They are given to me by the isp...

I only want to get 5xips on the wan-port...

Short explanation, what you mean with proxyarp - i don´t see the realtion with arp-adresses and my whises - or i am blind :-)

Thanxs!

Andy

adding Proxy ARP entries tells your WAN interface that you have more than one public IP assigned to it.  then NAT, Server NAT and 1:1 NAT direct incoming connections to the correct private IP on your LAN or OPT interfaces.

CS...