|
||||||||||
Chris Buechler wrote: > On Sun, 16 Jan 2005 14:41:34 -0500, William Arlofski > <waa dash m0n0wall at revpol dot com> wrote: > >>Hi Peter. >> >>I would point it to 127.0.0.1, not your internal LAN IP. (probably not >>an issue though) >> >>It is a two-part process to allow what you want. You did step #2, but >>missed step #1. :) >> >>Step #1: You need to make sure that you have an INBOUND NAT rule >>configured to map incoming WAN conections on port 81 to 127.0.0.1 >> >>Step #2: THEN you add the firewall rule to actually alow these >>connections in. >> >>To save time, can even select "Auto-add a firewall rule to permit >>traffic through this NAT rule" when adding the INBOUND NAT rule so there >>is no need for step #2 in that case. :) >> >>If, however, you are like me and are a bit anal retentive about who is >>allowed to connect to your web GUI on the M0n0, you might consider >>visiting the firewall rules and limit the SOURCE IP to an IP or block of >>IPs that you own so that the whole world is not allowed to hit the web >>interface. >> > > > That'll work, but you don't have to use NAT. > http://m0n0.ch/wall/docbook/faq-webGUI-from-WAN.html > > -Chris Ah yes. I think you are correct. :) I THINK I may have been thinking of the SNMP across the VPN to the LAN interface where (NAT) this needed to be done. Keep up the great work on the FAQs/Docs! Bill Arlofski waa dash m0n0wall at revpol dot com |