Why not put the couple of computers back in on the private address space and use the VPN services on m0n0wall to route to their workstations?

> I have a couple of computers that the users have needed to VPN into, so
> they got public IP addresses.

On Mon, 15 Nov 2004 20:27:57 -0700, Tony Pitman <tony at shatalmic dot com> wrote:
> I did search the archives before posting this. I did not find any relevant
> answers.
>
> I have a single m0n0wall router running. Both Ethernet cards, my T1 Cisco
> router to the Internet and all computers on the network are connected to a
> dumb switch.
>
> The WAN Ethernet card of the m0n0wall router is set to an IP public address
> that is routed to the Cisco router.
>
> The LAN Ethernet card is set to do NAT routing.
>
> Most of the computers on the LAN are set to DHCP and end up being inside
> the NAT.
>
> I have a couple of computers that the users have needed to VPN into, so
> they got public IP addresses.
>
> The problem with these few public computers is that they are bypassing my
> traffic shaper and I want to put them behind the NAT.
>
> I tried to set up one using the NAT 1:1. I assigned it an internal NATed IP
> address. I then assigned the public address in the NAT 1:1 section. That
> computer lost all Internet access. I then added the proxy ARP just to make
> sure and that did not help.
>
> Does anyone have any idea what I am doing wrong? If I just give the
> computer an internal NATed address (and don't set up the NAT 1:1)
> everything works fine as far as the computer being able to get OUT to the
> Internet. As soon as I enter the 1:1 entry for that computer's internal
> address and the public address, that computer can't see the Internet any more.
>
> I even tried just mapping some ports and NOT using the NAT 1:1 and that
> didn't work either.
>
> Any thoughts?
>
> Thanks,
>
> Tony Pitman