So...

If I have a x.x.x.14 / 29 subnet and I have no idea how anything is working. The current PIX firewall is configured to forward the following IPs:

x.x.x.15
x.x.x.16
x.x.x.17
x.x.x.18

...and a gateway of x.x.x.13. This is fine with me but none of the subnet calculators coincide with this math. Regardless, I am wondering how to configure my Astaro firewall.

1) Should I just add the interface with the x.x.x.14 / 29 IP address?
2) If so, do I then create an x.x.x.x / 32 alias for each IP (or will the #1 item do this implicitly)?

Any help is appreciated (I will buy you a pint if you can make this work).

The Astaro really does make this pretty simple, but there's still a lot to know. We can give you some ideas, but, in a professional environment, I think it makes good economic sense to have your first Astaro installed by someone with experience. That said, here are a few thoughts.

If you have an internal mail server and plan to use the Astaro SMTP proxy (with or without mail security), then to the External interface, you should assign as the primary IP the address pointed to by the MX record in your authoritative name server.

For the other IPs, they may be assigned as 'Additional Addresses' on the External interface, and each should indeed be given /32. There is no default gateway assigned to an additional address.

For example, to make an internal web server available to the internet, you would create a NAT rule:

Traffic Source: Internet
Traffic Service: HTTP
Traffic Destination: External [{name of add'l address}] (Address)

NAT mode: DNAT (Destination)

Destination: {host name of internal IP of webserver}
Destination Service: {leave blank!}

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!