Re: [m0n0wall] webGui from WAN

From:	Chris Buechler <cbuechler at gmail dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] webGui from WAN - 1.2b3
Date:	Sun, 16 Jan 2005 15:05:45 -0500

On Sun, 16 Jan 2005 14:41:34 -0500, William Arlofski
<waa dash m0n0wall at revpol dot com> wrote:
> 
> Hi Peter.
> 
> I would point it to 127.0.0.1, not your internal LAN IP. (probably not
> an issue though)
> 
> It is a two-part process to allow what you want. You did step #2, but
> missed step #1. :)
> 
> Step #1:  You need to make sure that you have an INBOUND NAT rule
> configured to map incoming WAN conections on port 81 to 127.0.0.1
> 
> Step #2: THEN you add the firewall rule to actually alow these
> connections in.
> 
> To save time, can even select "Auto-add a firewall rule to permit
> traffic through this NAT rule" when adding the INBOUND NAT rule so there
> is no need for step #2 in that case. :)
> 
> If, however, you are like me and are a bit anal retentive about who is
> allowed to connect to your web GUI on the M0n0, you might consider
> visiting the firewall rules and limit the SOURCE IP to an IP or block of
> IPs that you own so that the whole world is not allowed to hit the web
> interface.
> 

That'll work, but you don't have to use NAT. 
http://m0n0.ch/wall/docbook/faq-webGUI-from-WAN.html

-Chris