 From:  Eleazar Martínez <eleazar dot martinez at technosoft dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] NAT 1:1 problem
 Date:  Fri, 1 Apr 2005 19:19:29 -0600
>-----Original Message-----
>From: Chris Buechler [mailto:cbuechler at gmail dot com] 
>Sent: Friday, April 01, 2005 3:53 PM
>Cc: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] NAT 1:1 problem
>

><eleazar dot martinez at technosoft dot com> wrote:
>> 
>> >-----Original Message-----

>> >Sent: Friday, April 01, 2005 12:11 PM
>> >To: m0n0wall at lists dot m0n0 dot ch
>> >Subject: [m0n0wall] NAT 1:1 problem
>> >
>> >
>> >I'm trying to set up my m0n0 box as follows:
>> >
>> >LAN: IP 192.168.0.1/24
>> >WAN: IP 192.168.1.1/24 GW 192.168.1.2
>> >OP1: IP 192.168.2.1/24
>> >
>> >I have a server in OP1 with the IP 192.168.2.10. I want the server to be
>> >accessible (all ports/protocols) from the WAN side at the public IP address
>> >192.168.1.10. I add a NAT 1:1 on WAN with external 192.168.1.10 and internal
>> >192.168.2.10. Rules for the firewall on WAN permit traffic for destination
>> >192.168.2.10 and on the OP1 I allow all traffic. My setup doesn't seem to
>> >work...
>> 
>> I wrote it wrong here...
>> "Rules for the firewall on WAN permit traffic for destination
>> 192.168.2.10"
>> The rule is to allow traffic for destination 192.168.1.10 which is what
>> packets from the WAN will try to connect to.
>> 
>
>Few questions that might help us.  
>
>Can 2.10 get out to the internet?  Are you seeing anything in your
>logs?  What's 2.10 using as its default gateway?

Yes, 2.10 can get out to the internet. 2.10's gateway is 192.168.2.1.
I can't see anything useful in my logs. I have a ton of rules and all have
logging enabled... I'll disable the logging on all "allow" rules and see if
something useful comes up.

1 question... To use NAT 1:1 on the IPs on the opt1 subnet do I have to
enable advanced outbound NAT and only add the LAN subnet to it?

-Eleazar

>-Chris