 From:  "Psychogios Dimitris, Qualco" <dpsychogios at qualco dot gr>
 To:  "Dub Dublin" <dub at infowave dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Inbount NAT won't answer on WAN i/f
 Date:  Tue, 16 Nov 2004 10:04:01 +0200
Did you set up ProxyARP for the LAN server/s? For Inbound NAT to work you need to ProxyARP...

> -----Original Message-----
> From: Dub Dublin [mailto:dub at infowave dot com]
> Sent: Tuesday, November 16, 2004 9:07 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Inbount NAT won't answer on WAN i/f
> I've got what should be a fairly simple m0n0wall setup, and I'm
> reasonably competent (having once managed Chevron's transition to IP),
> but so far, I can't get m0n0's Inbound NAT working. Here are the
> details:
>
> M0n0wall v1.11 running on a net4801 (1.1 was originally loaded, and
> showed the same problem - I upgraded to 1.11 yesterday with no apparent
> change in the problem I'm seeing - BTW, darn slick upgrade mechanism -
> great job!) Static IP on WAN side, M0n0 box has static IP on LAN side
> and also serves DHCP addresses on LAN side. The LAN also hosts a mail
> and web server, so the firewall needs to forward ports 25 and 80 from
> its WAN address to that server's address on the LAN (via inbound NAT.)
>
> Inbound NAT has been configured (very carefully, several times,
> including from scratch) per the documentation, including automatic
> creation of firewall rules to match the NAT settings.
>
> The problem: port scans or any attempts to connect to ports 25 or 80 on
> the WAN IP address fail, so something is wrong in the firewall itself.
> (Both succeed when run directly against the web/mail server's LAN
> address.) Hardware and other problems can be eliminated, since I also
> have PPTP access turned on, and can both successfully port scan port
> 1723 as well as make a successful PPTP connection through the WAN port
> to the LAN, so basic operation of hardware, OS, firewall rules, and the
> IP stack can be shown. Firewall logs show no dropped or blocked traffic
> to port 25 or 80.
>
> To be honest, I'm baffled as to why this isn't working - I suppose I
> could try 1:1 NAT, but I really don't want to open up anything inbound
> other than the two ports that need to get redirected to the web/mail
> server. What am I doing wrong?
>
> Any suggestions? I can post my config.xml if that will help, but I
> figure I can't be the first one to discover that Inbound NAT doesn't
> seem to work as advertised right out of the box.
> Thanks,
> Dub Dublin