>From: Claude Morin [mailto:klodefactor at gmail dot com]
>Sent: Saturday, April 02, 2005 1:15 PM
>To: Eleazar Martínez
>Cc: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] NAT 1:1 problem
>I don't see anything in your description about proxy ARP; have
>it? The firewall has to respond with its own MAC address when
>WAN device tries to communicate with one of your NATed IPs.
I have not used proxy ARP and actually don't know what it should be used
for. I'll investigate about it and see if that solves the problem.
>On Apr 1, 2005 1:11 PM, Eleazar Martínez
><eleazar dot martinez at technosoft dot com>
>> I'm trying to setup my m0n0 box as follows:
>> LAN: IP 192.168.0.1/24 <http://192.168.0.1/24>
>> WAN: IP 192.168.1.1/24 <http://192.168.1.1/24> GW
>> OP1: IP 192.168.2.1/24 <http://192.168.2.1/24>
>> I have a server in OP1 with the IP 192.168.2.10
><http://192.168.2.10> . I
>> want the server to be
>> accessible (all ports/protocols) from the WAN side at the public ip
>> 192.168.1.10 <http://192.168.1.10> . I add a NAT 1:1 on WAN
>> 192.168.1.10 <http://192.168.1.10> and internal
>> 192.168.2.10 <http://192.168.2.10> . Rules for the firewall
>on WAN permit
>> traffic for destination
>> 192.168.2.10 <http://192.168.2.10> and on the OP1 I allow
>all traffic. My
>> setup doesn't seem to
>> Without the addition of the OP1 interface everything works fine.
>> On the WAN I have disabled the checkbox for "Block private networks".
>> Do you see any problems with the above setup?
>> Some extra fun that might be causing problems: from the WAN
>> be coming packets from 192.168.0.0/24
><http://192.168.0.0/24> (thanks to a
>> vpn router) directed to
>> 192.168.1.10 <http://192.168.1.10> . Is this a problem
>because the packets
>> will 'look' like they
>> come from my LAN (192.168.0.0/24 <http://192.168.0.0/24> )?
>Do I have to
>> tell it somehow to not route
>> those packets to the LAN but send them using NAT to OP1 (a
>> maybe)? And, lastly, am I just trying to do something that
>> with the packages that m0n0 uses internally?
>> By the way... I don't need any connection between LAN and
>OP1 at all so
>> ok if they cannot see each other.
>> Thanks in advance.
>> -Eleazar Martínez