Hi --
I have a question that I suspect has a simple answer, but I'm not quite sure how to do this.
We have DMZ and LAN addresses behind our Monowall. In the DMZ are webservers, mail servers, DNS, etc. In the Outbound NAT we have something like this:
168.30.0.0/16 * * (LAN addresses) 168.33.53.0/24 * * (DMZ addresses)
Our external range of IPs are different and currently our DMZ mail server's email goes out with its IP address the same as the Monowall's IP's.
If I want to make it such that the mail server's IP is not NAT'ed to the firewall's address and so the world will see it's own unique external IP address, how do I do that? How do I make an exception for one machine when everything else on that particular class C range is NAT'ed.
Thanks for the help!
|