James W. McKeand wrote:
>It may not be a "problem" but a design limitation. The LAN/NAT issue
>causes problems with more than just m0n0wall. I cannot think of a NAT
>implementation that does not have a problem described in this:
>http://www.m0n0.ch/wall/docbook/faq-lannat.html. It may be possible to
>ping the public IP (as you state later...) but higher level protocols
>will not work...
It's worth noting that $20 Linksys boxes have managed to lick this
problem due to the user confusion it causes.
I still struggle with this here for a couple reasons, but biggest reason
being that from the outside different ports forward to difference places
inside my LAN, so a straight DNS mapping isn't an option.
I've ended up creating a DNS record of *.firewall.example.com (Where
example.com is my domain name) which points to my firewall's external
IP, then I configure my internal clients to use
machinename.firewall.example.com -- When they're internal, the DNS
forwarder takes care of it, when they're external they get the
firewall's external IP.
This works, but it means that when I move a service from one internal IP
to another, I not only have to update m0n0wall but also every internal
I know what "Cheese" is, and I know what "Whiz" is...