 
 From:  Eleazar Martínez <eleazar dot martinez at technosoft dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] NAT 1:1 problem
 Date:  Mon, 4 Apr 2005 08:27:42 -0500
>-----Original Message-----
>From: Claude Morin [mailto:klodefactor at gmail dot com] 
>Sent: Saturday, April 02, 2005 1:15 PM

>Cc: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] NAT 1:1 problem
>
>I don't see anything in your description about proxy ARP; have you enabled
>it? The firewall has to respond with its own MAC address when the next-hop
>WAN device tries to communicate with one of your NATed IPs.

I have not used proxy ARP and actually don't know what it should be used
for. I'll investigate about it and see if that solves the problem.

Thanks!

>-klode
>

><eleazar dot martinez at technosoft dot com> wrote:
>> 
>> 
>> I'm trying to set up my m0n0 box as follows:
>> 
>> LAN: IP 192.168.0.1/24
>> WAN: IP 192.168.1.1/24 GW 192.168.1.2
>> OP1: IP 192.168.2.1/24
>> 
>> I have a server in OP1 with the IP 192.168.2.10. I want the server to be
>> accessible (all ports/protocols) from the WAN side at the public ip address
>> 192.168.1.10. I add a NAT 1:1 on WAN with external 192.168.1.10 and internal
>> 192.168.2.10. Rules for the firewall on WAN permit traffic for destination
>> 192.168.2.10 and on the OP1 I allow all traffic. My setup doesn't seem to
>> work...
>> 
>> Without the addition of the OP1 interface everything works fine.
>> 
>> On the WAN I have disabled the checkbox for "Block private networks".
>> 
>> Do you see any problems with the above setup?
>> 
>> Some extra fun that might be causing problems: from the WAN side there will
>> be coming packets from 192.168.0.0/24 (thanks to a vpn router) directed to
>> 192.168.1.10. Is this a problem because the packets will 'look' like they
>> come from my LAN (192.168.0.0/24)? Do I have to tell it somehow to not route
>> those packets to the LAN but send them using NAT to OP1 (a static route
>> maybe)? And, lastly, am I just trying to do something that isn't possible
>> with the packages that m0n0 uses internally?
>> 
>> By the way... I don't need any connection between LAN and OP1 at all so it's
>> ok if they cannot see each other.
>> 
>> Thanks in advance.
>> 

>>
>
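
The proxy ARP point raised in the quoted reply, as an added example that is not part of the original thread and not m0n0wall code: a small check over the addressing given above that reports which 1:1 NAT external addresses the next-hop device will ARP for, and which source ranges expected on WAN overlap another directly connected subnet. The names `INTERFACES`, `NAT_1TO1`, `WAN_SOURCES` and both functions are hypothetical.

```python
import ipaddress

# Addressing taken from the thread; the dict layout is an assumption of this example.
INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.0.1/24"),
    "WAN": ipaddress.ip_interface("192.168.1.1/24"),
    "OP1": ipaddress.ip_interface("192.168.2.1/24"),
}
# (interface, external, internal) for the 1:1 NAT rule described in the thread.
NAT_1TO1 = [("WAN", "192.168.1.10", "192.168.2.10")]
# Source range expected to arrive on WAN through the VPN router, per the thread.
WAN_SOURCES = ["192.168.0.0/24"]


def proxy_arp_needed(interfaces, nat_rules):
    """Return (interface, external IP) pairs the next hop will ARP for.

    An external address inside the interface's subnet, but not the
    interface's own address, gets no ARP reply unless the firewall
    answers on its behalf. An address outside the subnet has to be
    routed to the firewall instead, so proxy ARP does not apply to it.
    """
    needed = []
    for ifname, external, _internal in nat_rules:
        iface = interfaces[ifname]
        ext = ipaddress.ip_address(external)
        if ext in iface.network and ext != iface.ip:
            needed.append((ifname, str(ext)))
    return needed


def overlapping_sources(interfaces, arrival_if, sources):
    """Return (source, interface) pairs where a source range expected on
    arrival_if overlaps the connected subnet of a different interface."""
    hits = []
    for src in sources:
        net = ipaddress.ip_network(src)
        for ifname, iface in interfaces.items():
            if ifname != arrival_if and net.overlaps(iface.network):
                hits.append((src, ifname))
    return hits


if __name__ == "__main__":
    for ifname, ip in proxy_arp_needed(INTERFACES, NAT_1TO1):
        print(f"{ifname}: proxy ARP entry needed for {ip}")
    for src, ifname in overlapping_sources(INTERFACES, "WAN", WAN_SOURCES):
        print(f"WAN source {src} overlaps connected subnet on {ifname}")
```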