Chris Buechler wrote:
> On Sun, 16 Jan 2005 14:41:34 -0500, William Arlofski
> <waa dash m0n0wall at revpol dot com> wrote:
>>I would point it to 127.0.0.1, not your internal LAN IP. (probably not
>>an issue though)
>>It is a two-part process to allow what you want. You did step #2, but
>>missed step #1. :)
>>Step #1: You need to make sure that you have an INBOUND NAT rule
>>configured to map incoming WAN conections on port 81 to 127.0.0.1
>>Step #2: THEN you add the firewall rule to actually alow these
>>To save time, can even select "Auto-add a firewall rule to permit
>>traffic through this NAT rule" when adding the INBOUND NAT rule so there
>>is no need for step #2 in that case. :)
>>If, however, you are like me and are a bit anal retentive about who is
>>allowed to connect to your web GUI on the M0n0, you might consider
>>visiting the firewall rules and limit the SOURCE IP to an IP or block of
>>IPs that you own so that the whole world is not allowed to hit the web
> That'll work, but you don't have to use NAT.
Ah yes. I think you are correct. :)
I THINK I may have been thinking of the SNMP across the VPN to the LAN
interface where (NAT) this needed to be done.
Keep up the great work on the FAQs/Docs!
waa dash m0n0wall at revpol dot com