I did search the archives before posting this. I did not find any relevant 
answers.

I have a single m0n0wall router running. Both Ethernet cards, my T1 Cisco 
router to the Internet and all computers on the network are connect to a 
dumb switch.

The WAN Ethernet card of the m0n0wall router is set to an IP public address 
that is routed to the Cisco router.

The LAN Ethernet card is set to do NAT routing.

Most of the computers on the LAN are set to DHCP and end up being inside 
the NAT.

I have a couple of computers that the users have needed to VPN into, so 
they got public IP addresses.

The problem with these few public computers is that they are bypassing my 
traffic shaper and I want to put them behind the NAT.

I tried to set up one using the NAT 1:1. I assigned it an internal NATed IP 
address. I then assigned the public address in the NAT 1:1 section. That 
computer lost all Internet access. I then added the proxy ARP just to make 
sure and that did not help.

Does anyone have any idea what I am doing wrong? If I just give the 
computer an internal NATed address (and don't set up the NAT 1:1) 
everything works fine as far as the computer being able to get OUT to the 
Internet. As soon as I enter the 1:1 entry for that computer's internal 
address and the public address, that computer can't see the Internet any more.

I even tried just mapping some ports and NOT using the NAT 1:1 and that 
didn't work either.

Any thoughts?

Thanks,

Tony Pitman