EDIT: I know how to use NAT; I specifically want the server to be reachable on two IPs, one private, one public, with the firewall of the OpenWRT in between, if feasible.
At the office we have received a /29 from our ISP. The first address is reserved for their endpoint, so I'm free to use five addresses.
We run a local network, so of course there is a router in between running OpenWRT to provide all hosts with (W)LAN (DHCP from a private range).
However, we also have a server running OS X Server 10.6 (Snow Leopard) and I'd like that server to be accessible both from the LAN using a private IP as well as from the WAN on its own public IP.
Point of note is that the server only has one network port, so multiple NICs is not an option, unfortunately.
How would I go about doing this?
While you certainly could use NAT to simply DNAT a public address to the OS X machine, there would be issues with protocols which are broken by NAT or with host interconnection as soon as you would want more than one machine on the "DMZ".
You could set up a "proper" DMZ by using a combination of some advanced networking techniques, namely
The basic outline:
t appended in the VLAN definition line)
This will take some time and testing on your side, and the ProxyARP part will need some basic scripting to get persistent as it cannot be configured with UCI.
I've never used OpenWRT, but it's possible using NAT forwarding:
http://wiki.openwrt.org/doc/uci/firewall#forwarding.ports.destination.natdnat