[ previous ] [ next ] [ threads ]
 From:  =?iso-8859-1?Q?Eleazar_Mart=EDnez?= <eleazar dot martinez at technosoft dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] NAT 1:1 problem
 Date:  Mon, 4 Apr 2005 08:27:42 -0500
>-----Original Message-----
>From: Claude Morin [mailto:klodefactor at gmail dot com] 
>Sent: Saturday, April 02, 2005 1:15 PM
>To: Eleazar Martínez
>Cc: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] NAT 1:1 problem
>I don't see anything in your description about proxy ARP; have 
>you enabled 
>it? The firewall has to respond with its own MAC address when 
>the next-hop 
>WAN device tries to communicate with one of your NATed IPs.

I have not used proxy ARP and actually don't know what it should be used
for. I'll investigate about it and see if that solves the problem.


>On Apr 1, 2005 1:11 PM, Eleazar Martínez 
><eleazar dot martinez at technosoft dot com> 
>> I'm trying to setup my m0n0 box as follows:
>> LAN: IP <> 
>> WAN: IP <> GW 
>> OP1: IP <> 
>> I have a server in OP1 with the IP 
><> . I 
>> want the server to be
>> accessible (all ports/protocols) from the WAN side at the public ip 
>> address
>> <> . I add a NAT 1:1 on WAN 
>with external 
>> <> and internal
>> <> . Rules for the firewall 
>on WAN permit 
>> traffic for destination
>> <> and on the OP1 I allow 
>all traffic. My 
>> setup doesn't seem to
>> work...
>> Without the addition of the OP1 interface everything works fine.
>> On the WAN I have disabled the checkbox for "Block private networks".
>> Do you see any problems with the above setup?
>> Some extra fun that might be causing problems: from the WAN 
>side there 
>> will
>> be coming packets from 
><> (thanks to a 
>> vpn router) directed to
>> <> . Is this a problem 
>because the packets 
>> will 'look' like they
>> come from my LAN ( <> )? 
>Do I have to 
>> tell it somehow to not route
>> those packets to the LAN but send them using NAT to OP1 (a 
>static route
>> maybe)? And, lastly, am I just trying to do something that 
>isn't possible
>> with the packages that m0n0 uses internally?
>> By the way... I don't need any connection between LAN and 
>OP1 at all so 
>> it's
>> ok if they cannot see each other.
>> Thanks in advance.
>> -Eleazar Martínez