|
||||||||
>-----Original Message----- >From: Chris Buechler [mailto:cbuechler at gmail dot com] >Sent: Friday, April 01, 2005 8:00 PM >Cc: m0n0wall at lists dot m0n0 dot ch >Subject: Re: [m0n0wall] NAT 1:1 problem > >On Apr 1, 2005 8:19 PM, Eleazar Martínez ><eleazar dot martinez at technosoft dot com> wrote: >> >> Yes, 2.10 can get out to the internet. 2.10's gateway is 192.168.2.1. >> I can't see anything useful in my logs. I have a ton of >rules and all have >> logging enabled... I'll disable the logging on all "allow" >rules and see if >> something useful comes up. >> > >Are you really 1:1'ing to a private IP on the WAN side? If that's >just for the sake of obfuscation, go to www.whatismyip.com and see if >it's showing the right IP. If you are translating to another private >IP, that won't work but you can put a sniffer on the WAN side to see >if it is indeed being translated. > It is not for obfuscation. My m0n0wall is just one step before the actual internet gateway. The internet gateway (and vpn router) will only listen to m0n0wall and a couple other devices on the 192.168.1.1/24. I need to make the internet gateway communicate correctly with the 1:1 addresses. Apparently packets are bieng NAT'ed correctly with the 1:1 entries I have in my m0n0wall but the gateway doesn't seem to like it. When the packets go through a 1:1 do their mac address get rewritten by m0n0wall? Is that what happens with regular routing? Maybe that's why the gateway can't communicate correclty with those ips. > >> 1 question... To use Nat 1:1 on the ips on the opt1 subnet >do I have to >> enable advanced outbound nat and only add the lan subnet to it? >> > >No. > >Snippets (or all) of your config.xml from status.php would >probably be helpful. > >-Chris > >--------------------------------------------------------------------- >To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch >For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > > > |