 From:  Tony Pitman <tony at shatalmic dot com>
 To:  alex wetmore <alex at phred dot org>
 Cc:  Rick Preston <rickjpreston at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] nat one to one problem
 Date:  Tue, 16 Nov 2004 11:40:32 -0700
Alex,

I know I have it set up correctly. It is similar to your set.

Sounds like it might be a problem with ARP. I did not give it a while to 
see if it would work. I just set it up and didn't have Internet so I put it 
back the way it was.

I will try setting it up again later in the day when I can let it sit 
overnight and see what happens.

Tony

>On Tue, 16 Nov 2004, Tony Pitman wrote:
> > I would still like to get the 1:1 to work because I have another computer
> > that needs to basically be a public computer with a public IP address. Any
> > ideas on why the 1:1 won't work?
>
>Are you sure that you configured it correctly?  There are many necessary
>steps.
>
>First you need the 1:1 rule under NAT.  Make sure that the internal
>and external IP are properly defined.  For instance here is one of
>my entries:
>
>Interface: WAN
>External IP: 216.254.27.121/32
>Internal IP: 172.16.1.2/32
>Description: phred.org
>
>You also need to add a proxy arp entry.  This will use the external
>address.  Here is my entry:
>
>Network: 216.254.27.121
>Description: phred.org
>
>You'll need some rules to allow traffic in.  Here is an example
>one for me:
>
>WAN interface
>Proto: TCP
>Source: *
>Port: *
>Destination: phred (that is an alias for 172.16.1.2)
>Port: 25 (SMTP)
>Description: SMTP -> phred.org
>
>I also had problems when I was first moving to m0n0wall that seemed to
>stem from a long ARP cache at my ISP.  Once my m0n0wall was installed
>for an hour or two (much longer than most ARP caches) everything
>started to work.  If you have just installed m0n0wall after having used
>different router hardware then you might want to clone your external
>facing MAC address to help with this issue.
>
>alex
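
Added example, not part of the original thread and not m0n0wall code: a consistency check over the three pieces the quoted reply lists (1:1 NAT entry, proxy ARP entry, inbound WAN rule). The dictionary layout and the function name `check_one_to_one` are assumptions made for this sketch; the sample values are the ones quoted above.

```python
import ipaddress

# Constructed sample mirroring the three entries in the quoted reply. The dict
# layout is an assumption for this example, not m0n0wall's own config format.
CONFIG = {
    "nat_1to1": [{"interface": "WAN", "external": "216.254.27.121/32",
                  "internal": "172.16.1.2/32"}],
    "proxy_arp": ["216.254.27.121"],
    "aliases": {"phred": "172.16.1.2"},
    "rules": [{"interface": "WAN", "proto": "TCP",
               "destination": "phred", "port": 25}],
}

def _net(value):
    return ipaddress.ip_network(value, strict=False)

def check_one_to_one(cfg):
    """Return findings for each 1:1 mapping; an empty list means the NAT
    entry, proxy ARP entry and inbound rule all line up."""
    findings = []
    arp_nets = [_net(n) for n in cfg.get("proxy_arp", [])]
    aliases = cfg.get("aliases", {})
    for m in cfg.get("nat_1to1", []):
        ext, internal = _net(m["external"]), _net(m["internal"])
        if ext.prefixlen != internal.prefixlen:
            findings.append(f"{ext}: external and internal masks differ")
        if not any(ext.subnet_of(a) for a in arp_nets):
            findings.append(f"{ext}: no proxy ARP entry covers this address")
        reaches_internal = False
        for r in cfg.get("rules", []):
            if r["interface"] != m["interface"]:
                continue
            dest = aliases.get(r["destination"], r["destination"])
            if dest == "*" or _net(dest).overlaps(internal):
                reaches_internal = True
            elif _net(dest).overlaps(ext):
                # The quoted rule targets the internal host, not the public IP.
                findings.append(f"{ext}: rule destination is the external address")
        if not reaches_internal:
            findings.append(f"{ext}: no {m['interface']} rule allows traffic to {internal}")
    return findings

if __name__ == "__main__":
    for line in check_one_to_one(CONFIG) or ["all 1:1 mappings are consistent"]:
        print(line)
```

A clean result only shows the configuration is internally consistent; it cannot detect the stale upstream ARP cache mentioned in the reply.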