 From:  Claude Morin <klodefactor at gmail dot com>
 To:  Eleazar Martínez <eleazar dot martinez at technosoft dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT 1:1 problem
 Date:  Sat, 2 Apr 2005 14:14:32 -0500
I don't see anything in your description about proxy ARP; have you enabled 
it? The firewall has to respond with its own MAC address when the next-hop 
WAN device tries to communicate with one of your NATed IPs.

-klode


wrote:
> 
> 
> I'm trying to set up my m0n0 box as follows:
> 
> LAN: IP 192.168.0.1/24
> WAN: IP 192.168.1.1/24 GW 192.168.1.2
> OP1: IP 192.168.2.1/24
> 
> I have a server in OP1 with the IP 192.168.2.10. I want the server to be
> accessible (all ports/protocols) from the WAN side at the public IP address
> 192.168.1.10. I add a NAT 1:1 on WAN with external 192.168.1.10 and internal
> 192.168.2.10. Rules for the firewall on WAN permit traffic for destination
> 192.168.2.10 and on the OP1 I allow all traffic. My setup doesn't seem to
> work...
> 
> Without the addition of the OP1 interface everything works fine.
> 
> On the WAN I have disabled the checkbox for "Block private networks".
> 
> Do you see any problems with the above setup?
> 
> Some extra fun that might be causing problems: from the WAN side there will
> be coming packets from 192.168.0.0/24 (thanks to a vpn router) directed to
> 192.168.1.10. Is this a problem because the packets will 'look' like they
> come from my LAN (192.168.0.0/24)? Do I have to tell it somehow to not route
> those packets to the LAN but send them using NAT to OP1 (a static route
> maybe)? And, lastly, am I just trying to do something that isn't possible
> with the packages that m0n0 uses internally?
> 
> By the way... I don't need any connection between LAN and OP1 at all so it's
> ok if they cannot see each other.
> 
> Thanks in advance.
> 
