On Nov 10, 2004, at 7:25 AM, Matt Hohman wrote:
> Thomas,
> I'm trying to set up m0n0wall to do transparent proxying based on the
> message you left on the list. This is our setup (I hope the ASCII
> comes out okay)
>
> t1---------------- m0n0wall ---------- DMZ
> . : mail
> voip (asterisk) : web
> LAN---PPTP proxy (content filtering we're a church)
> :
> 60 Machines
>
> We are trying to add a Nat->inbound rule but in the drop down box in
> Inbound under Nat settings it only lists the WAN interface. How can I
> set it to lan? (I can send a screenshot if I'm not describing the menu
> accurately)

Seems like m0n0 is deliberately not showing the LAN (nor PPTP for that
matter) interface in that dropbox. I can't find any good reason for
this except that this may be a failsafe mechanism preventing admin from
locking himself out.

This is not a problem in my setup because I'm using VLANs for the
internal networks and they show up as OPT interfaces.

A quick fix for you would be to attach your LAN network (with the 60
machines as indicated in ASCII) to an OPT interface instead of the
configured LAN, or, if you are up to it, hack the config.xml directly to
reflect your setup.

Note that you will not be able to access the webgui from the network
you enable transparent proxying for, since all the traffic is
redirected to your proxy which has no (/should have no) access to your
internal LAN. So make sure you add an appropriate

Manuel/Developers: It would be nice to have some more fine-grained
control over the rules so that you, for example, could enable transparent
proxying for a range of IPs or whatnot. From what I can gather, the
NAT->Inbound page is creating ipnat rdr rules which support this, or am
I missing something here?

--
Thomas Kolstø <thomas at kolsto dot no>