Re: [m0n0wall] Re: Need Help with 1:1 Nat

From:	Don Munyak <don dot munyak at gmail dot com>
To:	"Sancho2k.net Lists" <lists at sancho2k dot net>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Re: Need Help with 1:1 Nat
Date:	Sun, 27 Mar 2005 01:04:23 -0500

Thanks DS,

I was unaware how and when the rules are processed. Based on what you
said, I now understand. And it's also good to know I made a good
educated guess :)

Regards,

- Don


On Sat, 26 Mar 2005 21:58:56 -0700, Sancho2k.net Lists
<lists at sancho2k dot net> wrote:
> Don Munyak wrote:
> > I am pretty sure I have it solved not.
> > I changed the rules for the WAN. Instead of using the public IP's, I
> > substituted the private IP's in the WAN rules.
> >
> > Now I am able to get access from outside in for a given webserver.
> >
> > old rules
> > WAN - ANY - ANY - aa.43.155.34 http
> > WAN - ANY - ANY - aa.43.155.34 https
> >
> > new rules
> > WAN - ANY - ANY - 192.168.222.4 http
> > WAN - ANY - ANY - 192.168.222.4 https
> >
> > Does anyone disagree with this ??? and why ??
> 
> That makes good sense, the way that the rules are processed is that
> filters are applied after translation, so it would be correct to specify
> the private addresses in your allows.
> 
> DS
>