Topic: Help with multiple Inbound IPs / NAT  (Read 1843 times)
« on: June 02, 2010, 14:33:46 »
mdslit *
Posts: 2

We have multiple public IP addresses assigned from our ISP, but to date we've only ever managed to get one working through the Monowall. As I'm sure you can imagine, this is a real pain, as we have to apply port-based rules and append port numbers to IIS sites etc. to make them available externally.

I assumed I'd need to create a 1:1 NAT rule, for example:

Ext 213.122.69.54/32               Int 192.168.0.10/32

I've been testing this and no matter what I do (use proxy ARP, an any/any rule as a test, etc.) I can never get the NAT rule to work.

I then opted for a Server NAT and Inbound NAT combination, again with no luck.

Am I missing something fundamental?
« Reply #1 on: June 02, 2010, 19:33:23 »
rpsmith ***
Posts: 113

Make sure you add a proxy ARP range for all the public IPs you want m0n0wall to handle.  Also, you don't need a proxy ARP entry for the public IP you have assigned to the WAN.

Add a WAN rule to allow ICMP Echo and, from another location, see if you can ping all your public IPs.

If all that checks out OK, add a 1:1 NAT rule to map each public IP to a unique private IP.

Add a WAN pass rule for each port to each private IP.

Hope that helps.

Roy...
« Last Edit: June 03, 2010, 03:28:13 by rpsmith »
« Reply #2 on: June 03, 2010, 11:43:44 »
mdslit *
Posts: 2

Ah, fixed!
I think it was the Proxy ARP that got me!

I opted for a Server rule rather than a 1:1 as the 1:1 would leave the server exposed on all ports.

Many thanks
« Reply #3 on: June 03, 2010, 23:44:23 »
rpsmith ***
Posts: 113

Not true.  Nothing gets through without a WAN rule!

Also, the public IP of a 1:1 NAT and not the firewall's WAN IP gets associated with your 1:1 NATed host.  If you have enough public IPs, 1:1 NAT is the way to go.
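
Added example, not part of the thread and not m0n0wall's own code: a simplified Python model of the inbound path discussed above (proxy ARP, then 1:1 NAT, then default-deny WAN rules), showing that a 1:1 mapping exposes only the ports that have an explicit WAN pass rule. The WAN address and the rule set are constructed for illustration, and the rules are assumed to match the private destination address as in Reply #1.

```python
# Simplified model of inbound WAN handling (added example, not m0n0wall code).
# Only 213.122.69.54 and 192.168.0.10 come from the thread; the rest is constructed.
from ipaddress import ip_address, ip_network

WAN_IP = ip_address("213.122.69.50")            # constructed: firewall's own WAN address
PROXY_ARP = [ip_network("213.122.69.54/32")]    # extra public IPs answered on WAN
ONE_TO_ONE = {ip_address("213.122.69.54"): ip_address("192.168.0.10")}
# Constructed WAN pass rules; they match the private (post-NAT) destination.
WAN_RULES = [("tcp", ip_address("192.168.0.10"), 80),
             ("tcp", ip_address("192.168.0.10"), 443)]

def inbound(proto, dst, port, proxy_arp=PROXY_ARP, nat=ONE_TO_ONE, rules=WAN_RULES):
    """Return (verdict, reason) for a packet arriving on WAN for public IP dst."""
    dst = ip_address(dst)
    # 1. The upstream router must get an ARP answer for the address.
    if dst != WAN_IP and not any(dst in net for net in proxy_arp):
        return ("lost", "no proxy ARP entry, packet never reaches the firewall")
    # 2. 1:1 NAT rewrites the destination; it does not permit anything by itself.
    internal = nat.get(dst)
    if internal is None:
        return ("drop", "no NAT mapping for this public IP")
    # 3. Default deny: only an explicit WAN pass rule lets the packet through.
    if (proto, internal, port) in rules:
        return ("pass", f"forwarded to {internal}:{port}")
    return ("drop", "no WAN pass rule for this port")

def exposed_ports(public_ip, candidates=(21, 25, 80, 443, 1433, 3389), **kw):
    """Ports on public_ip that the modelled rule set lets through."""
    return [p for p in candidates if inbound("tcp", public_ip, p, **kw)[0] == "pass"]

if __name__ == "__main__":
    print(exposed_ports("213.122.69.54"))                     # 1:1 NAT plus two pass rules
    print(exposed_ports("213.122.69.54", rules=[]))           # 1:1 NAT alone
    print(inbound("tcp", "213.122.69.54", 3389))              # port without a rule
    print(inbound("tcp", "213.122.69.54", 80, proxy_arp=[]))  # missing proxy ARP
```
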
 