 From:  Dave Warren <maillist at devilsplayground dot net>
 To:  Christoph Gysin <cgysin at gmx dot ch>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] webGUI from WAN question
 Date:  Mon, 06 Dec 2004 22:48:36 -0700

Christoph Gysin wrote:

>> I just updated this FAQ.  
>> http://m0n0.ch/wall/docbook/faq-webGUI-from-WAN.html
>>
>> The example shown will only work if you have a static public IP.  I'm
>> looking for a sanity check.  If your WAN is DHCP, you'll have to set
>> the destination to any, right?
>
> But this is not what you want. If you set destination to any, you will
> allow all https-traffic to all your hosts on the LAN.

That would only apply if you have some hosts which are behind m0n0wall 
but aren't using NAT, wouldn't it?  -- As long as all your hosts are 
behind NAT the packet would get through the firewall, hit the NAT table 
and it wouldn't go any farther than that.

However, you could also create a "Deny from world-to-LAN" followed by an 
"Allow all from world to any" (in both cases on the appropriate port), I 
suspect that would work too.

-- 
They call it "PMS" because "Mad Cow Disease" was already taken