On Tue, 16 Nov 2004, Tony Pitman wrote:
> I would still like to get the 1:1 to work because I have another computer
> that needs to basically be a public computer with a public IP address. Any
> ideas on why the 1:1 won't work?
Are you sure that you configured it correctly? There are many necessary
steps.
First you need the 1:1 rule under NAT. Make sure that the internal
and external IP are properly defined. For instance here is one of
my entries:

    Interface:   WAN
    External IP: 216.254.27.121/32
    Internal IP: 172.16.1.2/32
    Description: phred.org

You also need to add a proxy arp entry. This will use the external
address. Here is my entry:

    Network:     216.254.27.121
    Description: phred.org

You'll need some rules to allow traffic in. Here is an example
one for me:

    WAN interface
    Proto:       TCP
    Source:      *
    Port:        *
    Destination: phred (that is an alias for 172.16.1.2)
    Port:        25 (SMTP)
    Description: SMTP -> phred.org

I also had problems when I was first moving to m0n0wall that seemed to
stem from a long ARP cache at my ISP. Once my m0n0wall was installed
for an hour or two (much longer than most ARP caches) everything
started to work. If you have just installed m0n0wall after having used
different router hardware, then you might want to clone your external
facing MAC address to help with this issue.
alex
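
Added example, not part of the original message: a small Python check that the three pieces described above (1:1 NAT entry, proxy ARP entry, WAN rule whose destination is the internal address) agree with each other. The dict layout and function names are hypothetical and are not m0n0wall's config.xml format; the sample values are the ones from the message.

```python
import ipaddress

# Constructed sample data mirroring the entries in the message above.
# The dict layout is hypothetical, not m0n0wall's config.xml schema.
ONE_TO_ONE = [{"interface": "WAN", "external": "216.254.27.121/32",
               "internal": "172.16.1.2/32", "descr": "phred.org"}]
PROXY_ARP = [{"network": "216.254.27.121", "descr": "phred.org"}]
ALIASES = {"phred": "172.16.1.2"}
RULES = [{"interface": "WAN", "proto": "TCP", "source": "*",
          "destination": "phred", "port": 25, "descr": "SMTP -> phred.org"}]


def _net(value, aliases):
    """Resolve an alias or address string to an ip_network ('*' -> None)."""
    if value == "*":
        return None
    return ipaddress.ip_network(aliases.get(value, value), strict=False)


def check_one_to_one(mappings, proxy_arp, rules, aliases):
    """Return a list of problems for 1:1 mappings missing a dependent step."""
    problems = []
    arp_nets = [_net(e["network"], aliases) for e in proxy_arp]
    for m in mappings:
        ext = _net(m["external"], aliases)
        internal = _net(m["internal"], aliases)
        # Step 2: the external address must be covered by a proxy ARP entry.
        if not any(ext.subnet_of(a) for a in arp_nets):
            problems.append(f"{m['descr']}: no proxy ARP entry for {ext}")
        dests = [_net(r["destination"], aliases) for r in rules
                 if r["interface"] == m["interface"]]
        # Step 3: as in the message, the rule destination is the internal host.
        if any(d is not None and d.overlaps(ext) for d in dests):
            problems.append(f"{m['descr']}: rule targets external {ext}; "
                            f"use internal {internal}")
        if not any(d is None or d.overlaps(internal) for d in dests):
            problems.append(f"{m['descr']}: no {m['interface']} rule allows "
                            f"traffic to {internal}")
    return problems


if __name__ == "__main__":
    for line in check_one_to_one(ONE_TO_ONE, PROXY_ARP, RULES, ALIASES) or ["OK"]:
        print(line)
```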