[ previous ] [ next ] [ threads ]
 
 From:  William Arlofski <waa dash m0n0wall at revpol dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] webGui from WAN - 1.2b3
 Date:  Sun, 16 Jan 2005 22:23:22 -0500
Chris Buechler wrote:
> On Sun, 16 Jan 2005 14:41:34 -0500, William Arlofski
> <waa dash m0n0wall at revpol dot com> wrote:
> 
>>Hi Peter.
>>
>>I would point it to 127.0.0.1, not your internal LAN IP. (probably not
>>an issue though)
>>
>>It is a two-part process to allow what you want. You did step #2, but
>>missed step #1. :)
>>
>>Step #1:  You need to make sure that you have an INBOUND NAT rule
>>configured to map incoming WAN conections on port 81 to 127.0.0.1
>>
>>Step #2: THEN you add the firewall rule to actually alow these
>>connections in.
>>
>>To save time, can even select "Auto-add a firewall rule to permit
>>traffic through this NAT rule" when adding the INBOUND NAT rule so there
>>is no need for step #2 in that case. :)
>>
>>If, however, you are like me and are a bit anal retentive about who is
>>allowed to connect to your web GUI on the M0n0, you might consider
>>visiting the firewall rules and limit the SOURCE IP to an IP or block of
>>IPs that you own so that the whole world is not allowed to hit the web
>>interface.
>>
> 
> 
> That'll work, but you don't have to use NAT. 
> http://m0n0.ch/wall/docbook/faq-webGUI-from-WAN.html
> 
> -Chris

Ah yes. I think you are correct. :)

I THINK I may have been thinking of the SNMP across the VPN to the LAN 
interface where (NAT) this needed to be done.

Keep up the great work on the FAQs/Docs!

Bill Arlofski
waa dash m0n0wall at revpol dot com