 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Question: LAN->WAN->LAN
 Date:  Thu, 19 Jun 2003 00:32:02 -0700 (PDT)
On Wed, 18 Jun 2003, Ryan Grove wrote:

> I got my net-4501 today and pounced on it instantly, but there's just
> one thing I haven't been able to figure out about m0n0wall. What little
> firewall-related knowledge I have comes from setting up my Linksys
> BEFSR41, which should give you an idea of just how little I know. Please
> be gentle.
> So here's the problem. I've got a web server on my LAN and I have a NAT
> rule set up to allow external traffic to hit it. That's working fine.
> However, when I attempt to browse to the external address (wonko.com)
> from a machine in my LAN, the connection is refused. I've tried
> everything I can think of to fix this, but nothing works. WAN->LAN
> connections work, LAN->WAN connections work, but LAN->WAN->LAN
> connections are refused.
> Am I just completely missing something, or is this currently not
> possible with m0n0wall?

The latter.  It's not possible with NAT.  The problem is that it's not
really LAN->WAN->LAN at all, it's just LAN->router.  Traffic destined for
the router doesn't get routed through the WAN interface in some sort of
driver-level loopback just because you specify the WAN IP.  Since it
doesn't go through the WAN interface, it doesn't go through NAT
processing, and gets delivered to the router itself.  And since the
router's webserver is bound specifically to the LAN IP, there's no port 80
listener for the WAN IP.

Accessing your LAN webserver *directly* should work, of course.  There's
also a way (in general, not with m0n0wall) to set up a "TCP forwarder"
from the router to the webserver, but neither the program nor a means of
configuring it is included in m0n0wall.

					Fred Wright
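
An added illustration, not part of the original message and not m0n0wall code: a listener bound to one address refuses connections sent to another local address, and a minimal "TCP forwarder" of the kind mentioned above relays them. The loopback addresses are constructed stand-ins (127.0.0.1 for the web server's LAN address, 127.0.0.2 for the router's WAN IP) and assume Linux, where all of 127.0.0.0/8 is local; all function names are hypothetical.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes one way until EOF, then pass the EOF on to the other side."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # either side went away; relay() closes both sockets

def relay(client, target):
    """Connect to target and shuttle bytes both ways for one client."""
    try:
        with client, socket.create_connection(target, timeout=5) as upstream:
            upstream.settimeout(None)  # timeout applied to the connect only
            threading.Thread(target=pipe, args=(client, upstream), daemon=True).start()
            pipe(upstream, client)
    except OSError:
        pass  # target unreachable: the client just sees the connection close

def serve(srv, handler):
    """Accept loop in a daemon thread; one handler thread per connection."""
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()

def demo(lan="127.0.0.1", wan="127.0.0.2"):
    """Constructed stand-ins: lan = web server address, wan = router's WAN IP."""
    web = socket.create_server((lan, 0))      # listener bound to one address only
    port = web.getsockname()[1]
    serve(web, lambda c: (c.sendall(b"hello from LAN web server\n"), c.close()))
    try:
        socket.create_connection((wan, port), timeout=2).close()
        before = "connected"
    except ConnectionRefusedError:
        before = "refused"                    # nothing listens on the wan address
    fwd = socket.create_server((wan, port))   # the forwarder's own listener
    serve(fwd, lambda c: relay(c, (lan, port)))
    with socket.create_connection((wan, port), timeout=2) as s:
        after = s.makefile("rb").readline()
    web.close()
    fwd.close()
    return before, after
```

Because the forwarder terminates the client's TCP connection and opens a new one, the web server sees the forwarder's address as the source, so its logs and any address-based access rules no longer reflect the original client.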