[ previous ] [ next ] [ threads ]
 
 From:  JSimoneau at lmtcs dot com
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Accessing internal hosts via external IP
 Date:  Thu, 31 Mar 2005 15:28:56 -0500
Dave,

I'd like to see it. A lot of other people would like to see I, toot. But,
I'm not exactly sure where the issue lies. If I'm remembering correctly
from earlier posts, it's not an easy problem to solve.

Regards,
Josh Simoneau


-----Original Message-----
From: David Cavanaugh [mailto:dcavanaugh at thewebpros dot net] 
Sent: Thursday, March 31, 2005 2:58 PM
To: Josh J Simoneau
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Accessing internal hosts via external IP

Right.

So it's a known issue. Does that mean such a thing would be possible in
the future?

Thanks,

Dave

-----Original Message-----
From: JSimoneau at lmtcs dot com [mailto:JSimoneau at lmtcs dot com]
Sent: Thursday, March 31, 2005 2:44 PM
To: David Cavanaugh
Subject: RE: [m0n0wall] Accessing internal hosts via external IP

Dave,

This is a known issue with monowall. From the LAN you need to access
systems using their LAN IP address. NAT only works from the WAN interface.

The solution to this is the DNS Forwarder, but that might not be what
you're looking for if you're doing everything by IP address.

Regards,
Josh Simoneau



-----Original Message-----
From: David Cavanaugh [mailto:dcavanaugh at thewebpros dot net]
Sent: Thursday, March 31, 2005 1:13 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Accessing internal hosts via external IP

Using iptables we were able to access internal machines via their public
IPs using commands similar to:

iptables -t nat -A PREROUTING -i $INTERNAL_INTERFACE -d $EXTERNAL_ADDRESS
-j DNAT --to $INTERNAL_ADDRESS

iptables -t nat -A POSTROUTING -o $INTERNAL_INTERFACE -d $INTERNAL_ADDRESS
-s $DMZ_NETWORK -j SNAT --to $DMZ_GATEWAY

And it worked for years-- no problems.

Now, since I am totally ignorant concerning ipfilter and ipfw, can anyone
unequivocally say that is impossible in m0n0wall?

I'm only curious.

Thanks,

Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch