I don't see anything in your description about proxy ARP; have you enabled
it? The firewall has to respond with its own MAC address when the next-hop
WAN device tries to communicate with one of your NATed IPs.
> I'm trying to setup my m0n0 box as follows:
> LAN: IP 192.168.0.1/24 <http://192.168.0.1/24>
> WAN: IP 192.168.1.1/24 <http://192.168.1.1/24> GW 192.168.1.2<http://192.168.1.2>
> OP1: IP 192.168.2.1/24 <http://192.168.2.1/24>
> I have a server in OP1 with the IP 192.168.2.10 <http://192.168.2.10> . I
> want the server to be
> accessible (all ports/protocols) from the WAN side at the public ip
> 192.168.1.10 <http://192.168.1.10> . I add a NAT 1:1 on WAN with external
> 192.168.1.10 <http://192.168.1.10> and internal
> 192.168.2.10 <http://192.168.2.10> . Rules for the firewall on WAN permit
> traffic for destination
> 192.168.2.10 <http://192.168.2.10> and on the OP1 I allow all traffic. My
> setup doesn't seem to
> Without the addition of the OP1 interface everything works fine.
> On the WAN I have disabled the checkbox for "Block private networks".
> Do you see any problems with the above setup?
> Some extra fun that might be causing problems: from the WAN side there
> be coming packets from 192.168.0.0/24 <http://192.168.0.0/24> (thanks to a
> vpn router) directed to
> 192.168.1.10 <http://192.168.1.10> . Is this a problem because the packets
> will 'look' like they
> come from my LAN (192.168.0.0/24 <http://192.168.0.0/24> )? Do I have to
> tell it somehow to not route
> those packets to the LAN but send them using NAT to OP1 (a static route
> maybe)? And, lastly, am I just trying to do something that isn't possible
> with the packages that m0n0 uses internally?
> By the way... I don't need any connection between LAN and OP1 at all so
> ok if they cannot see each other.
> Thanks in advance.