 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] firewall rule not working ?
 Date:  Mon, 2 May 2005 15:31:34 -0400
On 5/2/05, Christophe De Coninck <god8y at rds dash clan dot be> wrote:
> I have this rule I made on the WAN port, so I could ssh to the syslog
> server for checking out the syslog messages from m0n0wall outside the
> wireless lan.
> m0n0wall itself has as ip on the wan: 10.0.0.24 and the syslogd server
> has 10.1.1.199 as alias ip (it works, tested that).
> Hope this is enough information for you to help me
> 
> WAN interface
>   Proto     Source         Port   Destination   Port          Description
>   TCP       10.0.0.3/24    *      10.0.0.24     443 (HTTPS)   allow remote administration
>   TCP/UDP   10.0.0.0/24    *      10.1.1.199    22 (SSH)      allow ssh syslog server
> 

If you really want it to route (assuming this is within your LAN, and
you have private IPs on all sides, with m0n0wall WAN on your actual
LAN) you need to enable advanced outbound NAT without any NAT rules.
The way it is now, it probably routes the traffic in and NATs it to
the WAN IP on the way back out, thus destroying the TCP session.

-Chris
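The failure mode Chris describes, as an added example that is not part of the thread and not m0n0wall code: a small model of the poster's topology (client 10.0.0.3 on the WAN-side LAN, m0n0wall WAN 10.0.0.24, syslog host 10.1.1.199 on the LAN side). The inbound rule lets the SSH SYN through and it is routed unchanged, but with automatic outbound NAT the SYN-ACK coming back from 10.1.1.199 is rewritten to source 10.0.0.24. The client's TCP stack has no connection to 10.0.0.24:22, so the reply never matches the socket it opened and the handshake never completes. With advanced outbound NAT enabled and no rules, nothing is translated and the same exchange succeeds. The `Packet`/`Firewall` classes and the LAN prefix are constructed for the illustration.

```python
"""Model of m0n0wall routing vs. automatic outbound NAT (added example)."""
from dataclasses import dataclass

# Addresses from the thread.
WAN_IP = "10.0.0.24"       # m0n0wall WAN address
CLIENT_IP = "10.0.0.3"     # admin host on the WAN-side LAN
SYSLOG_IP = "10.1.1.199"   # syslog host behind m0n0wall
LAN_PREFIX = "10.1.1."     # assumption: the LAN-side subnet m0n0wall would NAT


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK", ...


class Firewall:
    """Minimal m0n0wall model: inbound traffic is routed as allowed by the
    WAN rule; LAN->WAN traffic is source-NATed only when automatic outbound
    NAT is on (advanced outbound NAT with no rules turns translation off)."""

    def __init__(self, auto_outbound_nat: bool):
        self.auto_outbound_nat = auto_outbound_nat
        self.nat_table = {}  # (WAN_IP, sport) -> original LAN source

    def wan_to_lan(self, pkt: Packet) -> Packet:
        # The WAN rule permits 10.0.0.0/24 -> 10.1.1.199:22; routed unchanged.
        return pkt

    def lan_to_wan(self, pkt: Packet) -> Packet:
        if self.auto_outbound_nat and pkt.src.startswith(LAN_PREFIX):
            # Automatic NAT rewrites the source to the WAN IP on the way out.
            self.nat_table[(WAN_IP, pkt.sport)] = pkt.src
            return Packet(WAN_IP, pkt.sport, pkt.dst, pkt.dport, pkt.flags)
        return pkt


def ssh_handshake(auto_outbound_nat: bool) -> dict:
    """Run the first two steps of a TCP handshake from the client to the
    syslog host through the firewall and report whether the SYN-ACK matched
    the connection the client opened."""
    fw = Firewall(auto_outbound_nat)
    client_port = 40000

    # Client -> syslog host: SYN, allowed in by the WAN rule and routed.
    syn = Packet(CLIENT_IP, client_port, SYSLOG_IP, 22, "SYN")
    syn_at_server = fw.wan_to_lan(syn)

    # Syslog host answers with its own address as source.
    syn_ack = Packet(syn_at_server.dst, 22, syn_at_server.src,
                     syn_at_server.sport, "SYN-ACK")
    reply_at_client = fw.lan_to_wan(syn_ack)

    # The client's TCP stack only accepts a SYN-ACK whose 4-tuple mirrors
    # the SYN it sent: it is waiting on (SYSLOG_IP, 22) -> (CLIENT_IP, port).
    expected = (SYSLOG_IP, 22, CLIENT_IP, client_port)
    observed = (reply_at_client.src, reply_at_client.sport,
                reply_at_client.dst, reply_at_client.dport)
    completed = observed == expected
    reason = ("SYN-ACK matches the open connection" if completed else
              f"SYN-ACK came from {observed[0]}:{observed[1]} but the client "
              f"opened a connection to {SYSLOG_IP}:22; no socket matches, "
              "so it is dropped and the session never establishes")
    return {"completed": completed, "reply_from": reply_at_client.src,
            "reason": reason}


if __name__ == "__main__":
    for mode in (True, False):
        result = ssh_handshake(auto_outbound_nat=mode)
        label = "automatic outbound NAT" if mode else "advanced outbound NAT, no rules"
        print(f"{label}: completed={result['completed']} ({result['reason']})")
```

The model deliberately stops after the SYN-ACK, because that is where the real stack gives up: the asymmetric rewrite means the reply arrives from an address the client never connected to, which is exactly the "destroying the TCP session" symptom in the reply above.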