[ previous ] [ next ] [ threads ]
 
 From:  "Sancho2k.net Lists" <lists at sancho2k dot net>
 To:  Don Munyak <don dot munyak at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Need Help with 1:1 Nat
 Date:  Sat, 26 Mar 2005 21:58:56 -0700
Don Munyak wrote:
> I am pretty sure I have it solved not.
> I changed the rules for the WAN. Instead of using the public IP's, I
> substituted the private IP's in the WAN rules.
> 
> Now I am able to get access from outside in for a given webserver.
> 
> old rules
> WAN - ANY - ANY - aa.43.155.34 http
> WAN - ANY - ANY - aa.43.155.34 https
> 
> new rules
> WAN - ANY - ANY - 192.168.222.4 http
> WAN - ANY - ANY - 192.168.222.4 https
> 
> Does anyone disagree with this ??? and why ??

That makes good sense, the way that the rules are processed is that
filters are applied after translation, so it would be correct to specify
the private addresses in your allows.

DS