Stupid question, but are you scanning from the inside of the firewall?
The Inbound NAT page states - "Note: It is not possible to access
NATed services using the WAN IP address from within LAN (or an
I just tried to test what would happen if I created a Inbound NAT and
firewall rules for SMTP (I do not host any of my mail or web on my
LAN, but I do have servers...) I created an Inbound NAT on my WAN
interface IP with external port and internal port 25 and my SBS as the
NAT IP. Allowed creation of the Firewall Rule (Pass -> Interface: WAN
-> Source IP: any -> Source Port: any -> Destination IP: SBS ->
Destination Port: 25). I tested this by using remote desktop
connection to connect to a server at one of my client's site, then
used telnet from there to connect back to my WAN IP on port 25. I
connected to my SBS's Exchange as expected...
Have you tried testing from the "outside"?
James W. McKeand
From: Dub Dublin [mailto:dub at infowave dot com]
Sent: Tuesday, November 16, 2004 2:07 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Inbount NAT won't answer on WAN i/f
I've got what should be a fairly simple m0n0wall setup, and I'm
reasonably competent (having once managed Chevron's transition to IP),
but so far, I can't get m0n0's Inbound NAT working. Here are the
M0n0wall v1.11 running on a net4801 (1.1 was originally loaded, and
the same problem - I upgraded to 1.11 yesterday with no apparent
in the problem I'm seeing - BTW, darn slick upgrade mechanism - great
job!) Static IP on WAN side, M0n0 box has static IP on LAN side and
also serves DHCP addresses on LAN side. The LAN also hosts a mail and
web server, so the firewall needs to forward ports 25 and 80 from its
WAN address to that server's address on the LAN (via inbound NAT.)
Inbound NAT has been configured (very carefully, several times,
including from scratch) per the documentation, including automatic
creation of firewall rules to match the NAT settings.
The problem: port scans or any attempts to connect to ports 25 or 80
the WAN IP address fail, so something is wrong in the firewall itself.
(Both succeed when run directly against the web/mail server's LAN
address.) Hardware and other problems can be eliminated, since I also
have PPTP access turned on, and can both successfully port scan port
1723 as well as make a successful PPTP connection through the WAN port
to the LAN, so basic operation of hardware, OS, firewall rules, and
IP stack can be shown. Firewall logs show no dropped or blocked
to port 25 or 80.
To be honest, I'm baffled as to why this isn't working - I suppose I
could try 1:1 NAT, but I really don't want to open up anything inbound
other than the two ports that need to get redirected to the web/mail
server. What am I doing wrong?
Any suggestions? I can post my config.xml if that will help, but I
figure I can't be the first one to discover that Inbound NAT doesn't
seem to work as advertised right out of the box.
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch