[ previous ] [ next ] [ threads ]
 
 From:  Tony Pitman <tony at shatalmic dot com>
 To:  Rick Preston <rickjpreston at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] nat one to one problem
 Date:  Tue, 16 Nov 2004 11:15:49 -0700
Rick,

I would still like to get the 1:1 to work because I have another computer 
that needs to basically be a public computer with a public IP address. Any 
ideas on why the 1:1 won't work?

Tony

>Why not put the couple of computers back in on the private address
>space and use the VPN services on m0n0wall to route to their
>workstations?
>
> > I have a couple of computers that the users have needed to VPN into, so
> > they got public IP addresses.
>
>
>On Mon, 15 Nov 2004 20:27:57 -0700, Tony Pitman <tony at shatalmic dot com> wrote:
> > I did search the archives before posting this. I did not find any relevant
> > answers.
> >
> > I have a single m0n0wall router running. Both Ethernet cards, my T1 Cisco
> > router to the Internet and all computers on the network are connect to a
> > dumb switch.
> >
> > The WAN Ethernet card of the m0n0wall router is set to an IP public address
> > that is routed to the Cisco router.
> >
> > The LAN Ethernet card is set to do NAT routing.
> >
> > Most of the computers on the LAN are set to DHCP and end up being inside
> > the NAT.
> >
> > I have a couple of computers that the users have needed to VPN into, so
> > they got public IP addresses.
> >
> > The problem with these few public computers is that they are bypassing my
> > traffic shaper and I want to put them behind the NAT.
> >
> > I tried to set up one using the NAT 1:1. I assigned it an internal NATed IP
> > address. I then assigned the public address in the NAT 1:1 section. That
> > computer lost all Internet access. I then added the proxy ARP just to make
> > sure and that did not help.
> >
> > Does anyone have any idea what I am doing wrong? If I just give the
> > computer an internal NATed address (and don't set up the NAT 1:1)
> > everything works fine as far as the computer being able to get OUT to the
> > Internet. As soon as I enter the 1:1 entry for that computer's internal
> > address and the public address, that computer can't see the Internet 
> any more.
> >
> > I even tried just mapping some ports and NOT using the NAT 1:1 and that
> > didn't work either.
> >
> > Any thoughts?
> >
> > Thanks,
> >
> > Tony Pitman
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >