We've got a 678 (CBOS 2.4.2) and a DSL line from Qwest. It has 5 static IP's that go with the router IP. I'll use for the example:

123.123.123.1 (reserved for the 678 ETH0 interface)

123.123.123.2 -> .6 are also available

Inside, we're 192.168.100.X , 25 or so IP addresses, 4 servers and the rest are laptops and desktops.

Currently, with the NAT enabled, I'm able to browse out from all the machines. But they're all using the 123.1 address of the DSL router. I'm a little unclear how, in CBOS, to enable the other IP's for use with NAT. But I think having the web surfing using the same IP is fine for most things.

What I really want to do, is take 123.2 and map an inbound static NAT to 192.168.100.25 on port 80 and, 123.3 to 100.111 with the PPTP VPN ports. With CBOS let me do this? It seems I can have either or with my intial trials. If I set up the static NAT's by assigning the VIP's and adding the NAT entries for the inbound webserver and VPN tunnel, I loose the dynamic NAT'ing of the other workstations. The CBOS docs on the CD and on the website don't quite describe what I want to do. I need any 192.168.100.X machine to be able to do outbound traffic, preferably on the fly, but I'll hardcode a bunch of NAT statements if that's what it takes, and I need to assign "conduits" in pix-speak for the 123.2 through 6 IP's to internal 192.168.100.x IPs.

So, can I do it with just the 678? Or should I have another device between the 678 and the internal network doing the NAT translations for me (preferably something with a OS I understand better than CBOS)

Also is there any other docs than "CBOS 2.4 User Guide" I should be reading that would help me understand this?

thanks in advance,

Rich Whiffen