Aaron,

Everything on the "Inbound" NAT tab is for the public IP on the monowall, in your case x.y.z.88. The rules on the WAN interface for these should have the destination set as some IP address on your LAN. For the "Inbound" NAT tab you can use a different LAN IP for each port if you like.

The 1:1 NAT tab is for NATing all ports on an external IP to a single internal/local IP. So, for x.y.z.90 you've got all ports being forwarded to 192.168.100.90. Your rules for this should all have the destination set as 192.168.100.90.

I'm not sure where any overlap would come from? Please explain.

Regards,
Josh Simoneau

-----Original Message-----
From: lists at mycommunitynet dot net [mailto:lists at mycommunitynet dot net]
Sent: Thursday, March 31, 2005 4:09 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] 1:1 Nat confusion

Hello all.

I am successfully using 1:1 nat, but am not sure I understand what is going on completely. I am playing with a machine that I would like to have people be able to access it externally and internally. This is on v1.1 with a bridged DSL line. I have 5 IP addresses that I get from my ISP. I have M0n0 set up as the first (x.y.z.88) and this provides NAT to a number of people.

I turned on Proxy Arp and set it up with my IP addresses. I then used 1:1 to set up x.y.z.90 --> 192.168.100.90 (the machine's IP which points to the IP of the machine on my LAN). Then I added firewall rules for the ports that I wanted to use, but here is where I am a little hazy.

I have ports 80 and 22 forwarded already to another machine already without using 1:1 NAT. To enter the same rules in there, I can simply duplicate the rule that is currently there. So I end up with a lot of duplicate rules with just the destination being different.

Is what I am doing "correct"? It would be nice if there was a better way of separating the rules for each WAN IP. Is there a better way of doing what I am doing?

Thanks!
Aaron
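The setup discussed in this thread, as an added example that is not part of either message and is not m0n0wall code: a simplified Python model of per-port inbound NAT and 1:1 NAT feeding WAN rules whose destinations are LAN addresses, showing that the two rule sets stay distinct and that unlisted ports on the 1:1 address are still dropped. Assumptions: 203.0.113.x stands in for x.y.z.x, 192.168.100.10 is a hypothetical host for the existing port 80/22 forwards, and translation is modelled as happening before rule matching, with default deny.

```python
from typing import NamedTuple

# Constructed addresses: 203.0.113.x stands in for the thread's x.y.z.x;
# 192.168.100.10 is a hypothetical host for the existing 80/22 forwards.
WAN_IP = "203.0.113.88"
INBOUND_NAT = {  # "Inbound" tab: (public IP, port) -> (LAN IP, port)
    (WAN_IP, 80): ("192.168.100.10", 80),
    (WAN_IP, 22): ("192.168.100.10", 22),
}
ONE_TO_ONE = {"203.0.113.90": "192.168.100.90"}  # 1:1 tab: every port

class Rule(NamedTuple):
    dst_ip: str    # LAN destination, as the reply says WAN rules should use
    dst_port: int

WAN_RULES = [
    Rule("192.168.100.10", 80), Rule("192.168.100.10", 22),
    Rule("192.168.100.90", 80), Rule("192.168.100.90", 22),
]

def translate(dst_ip, dst_port):
    """Return the LAN (ip, port) a WAN packet is rewritten to, or None."""
    if (dst_ip, dst_port) in INBOUND_NAT:
        return INBOUND_NAT[(dst_ip, dst_port)]
    if dst_ip in ONE_TO_ONE:
        return (ONE_TO_ONE[dst_ip], dst_port)
    return None

def evaluate(dst_ip, dst_port):
    """Translate first, then match WAN rules; anything unmatched is dropped."""
    target = translate(dst_ip, dst_port)
    if target is None:
        return ("drop", None)
    if Rule(*target) in WAN_RULES:
        return ("pass", target)
    return ("drop", target)

def overlapping_rules(rules):
    """Rules that repeat an earlier (destination IP, port) pair."""
    seen, dupes = set(), []
    for rule in rules:
        if rule in seen:
            dupes.append(rule)
        seen.add(rule)
    return dupes

if __name__ == "__main__":
    for pkt in [(WAN_IP, 80), ("203.0.113.90", 22), ("203.0.113.90", 25)]:
        print(pkt, "->", evaluate(*pkt))
    print("overlaps:", overlapping_rules(WAN_RULES))
```
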