I have been reading the documentation about setting up OpenWrt for my home network, however I have not found anything upon the subject of Transparent NAT and multi-IP DMZ, or I found several contradictory "How To's".
My current setup is a Thomson ST546 DSL Modem/Router, Cisco SG100D-08 with a WAP54G as the wireless access point.
My WAN is DSL PPPoE with a /28 IP block (n.n.n.176/28). I hope to split this into two /29 blocks in the future when server 2 is relocated.
I run two CentOS 5.5 servers. Server 1 is my server, server 2 is a friend's which I am running for him while he has his house renovated (it's an old farmhouse and it's taking a while).
Block 1 - network n.n.n.176; gateway n.n.n.177; reserved for future broadcast n.n.n.183
Server 1 uses addresses: DNS (Bind 9) - n.n.n.178; HTTP - n.n.n.179; HTTPS - n.n.n.180; smtp/imap - n.n.n.181
Block 2 - reserved for future network address network n.n.n.184; reserved for future gateway n.n.n.185; broadcast n.n.n.191
Server 2 uses addresses: DNS (Bind 9) - n.n.n.186; HTTP - n.n.n.187; HTTPS - n.n.n.188; smtp/imap - n.n.n.189
Non-server systems are 3 laptops (may use either wired or wireless connection depending upon where the kids decide to work) and 3 or 4 desktops; all these systems are on 192.168.40.1/26 (LAN1).
On the ST546 I can create two LAN address blocks - 192.168.40.1/26 (LAN1) and n.n.n.176/28 (LAN2). I then use 1-1 NAT to pass outside addresses through to the inside addresses (transparent NAT). The firewall is then set up to allow LAN1 -> LAN2, WAN -> LAN2, LAN1+LAN2 -> WAN; all other traffic is dropped.
=====
What I want to do is create a similar setup, preferably with greater security, plus IPV6 (HE 6in4) support.
I was wondering if I should take two of the 3700's ports and make them into "DMZ1" and "DMZ2", one per server, with the remaining port used for LAN.
Part of my problem is that I have not found a good explanation of how the various parts of the UCI and the UCI config files hang together.
Any help appreciated.
John A
(Last edited by zzz2002 on 26 Feb 2011, 03:53)
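
The address plan and zone policy described in the post, checked as an added example that is not part of the original post: it splits the /28 into the two planned /29 blocks, confirms every listed gateway and service address is a usable host in its block, shows which addresses stop being usable after the split, and evaluates the default-drop forwarding policy. The prefix 203.0.113 is a constructed stand-in for the redacted "n.n.n", and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-in: 203.0.113.0/24 (RFC 5737 documentation range) replaces
# the post's redacted "n.n.n" prefix; the last octets are the ones in the post.
WAN_BLOCK = ipaddress.ip_network("203.0.113.176/28")

# Gateway and service addresses (last octets) as listed in the post.
SERVERS = {
    "server1": {"gateway": 177, "hosts": [178, 179, 180, 181]},
    "server2": {"gateway": 185, "hosts": [186, 187, 188, 189]},
}

# Zone forwarding policy from the post; any pair not listed is dropped.
ALLOWED = {("LAN1", "LAN2"), ("WAN", "LAN2"), ("LAN1", "WAN"), ("LAN2", "WAN")}


def addr(octet):
    return ipaddress.ip_address(f"203.0.113.{octet}")


def split_blocks():
    """Return the two /29 halves of the /28, in address order."""
    return list(WAN_BLOCK.subnets(new_prefix=29))


def check_plan():
    """Return problems found when the plan is applied to the /29 split."""
    problems = []
    for (name, plan), block in zip(SERVERS.items(), split_blocks()):
        usable = set(block.hosts())  # excludes network and broadcast addresses
        for octet in [plan["gateway"], *plan["hosts"]]:
            if addr(octet) not in usable:
                problems.append(f"{name}: .{octet} not usable in {block}")
    return problems


def lost_on_split():
    """Last octets usable in the /28 that are no longer usable after the split."""
    before = set(WAN_BLOCK.hosts())
    after = {h for b in split_blocks() for h in b.hosts()}
    return sorted(int(a) & 0xFF for a in before - after)


def forward_allowed(src, dst):
    """Default-drop check: only the zone pairs named in the post may forward."""
    return (src, dst) in ALLOWED


if __name__ == "__main__":
    print(split_blocks(), check_plan(), lost_on_split())
```

The two addresses returned by `lost_on_split()` are the ones the post marks as reserved for the future broadcast and network addresses, so nothing currently assigned has to move when the block is split.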