[ previous ] [ next ] [ threads ]
 
 From:  Steven Ball <hamster at snurkle dot net>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Outbound NAT and bouncing
 Date:  Wed, 5 May 2004 01:54:23 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have come across a problem where I require some client boxen that are 
on an internet interface to be able to access services on a public IP 
address that is actually a NAT back into a different internal 
interface.  As you all know, this is not quite possible with IPF 
(although it does work fine under Linux iptables...).

As such, I found someone that posted some source code for a bounce 
utility, which I compiled and stuck on the monowall for some testing.  
I found that I could, with proper NAT rules, accomplish my goals fairly 
easily, but I have run into two problems:

1) in both monowall 1.0 and the current beta version, there is no way 
to do outbound NAT where the interface the packets come in on is LAN.  
I had to basically put an 'empty' ethernet card in the box and use an 
OPT interface instead

2) there is no easy way to setup bounce from the GUI

The first of which should be easy to solve; just allow LAN to be an 
option for which interface an outbound NAT is applied (is this a bad 
idea?  if so, why?).  The second of which would require some hacking.  
Since this feature would be rather useful to me, I plan on adding some 
support for it.  My question is, are the developers at large interested 
as well?  I really hate to contribute patches that no one wants :)  If 
my plan of attack seems dumb, please let me know and I will try to make 
whatever I come up with more useful to everyone at large.

I apologize if this has come up before; I searched the archives but I 
didn't really see anything that stood out.

Keep up the good work on monowall, it has made my life a heck of a lot 
easier :)

Steven Ball
Snurkle Engineering
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFAmJ23aaHhFtPv1mERAglwAJ9tSUkwrgkhfAiLAr7+xcrwPvfRqwCfQb0C
HzwVmzsC+G4jcTsaTZNZaPQ=
=IjLC
-----END PGP SIGNATURE-----