On 5/2/05, Christophe De Coninck <god8y at rds dash clan dot be> wrote:
> I have this rule I made on the WAN port, so I could ssh to the syslog
> server for checking out the syslog messages from m0n0wall outside the
> wireless lan.
> m0n0wall itself has as IP on the WAN: 10.0.0.24 and the syslogd server
> has 10.1.1.199 as alias IP (it works, tested that).
> Hope this is enough information for you to help me.
> WAN interface
> Proto    Source       Port  Destination  Port         Description
> TCP      10.0.0.3/24  *     10.0.0.24    443 (HTTPS)  allow remote
> TCP/UDP  10.0.0.0/24  *     10.1.1.199   22 (SSH)     allow ssh syslog

If you really want it to route (assuming this is within your LAN, and
you have private IPs on all sides, with m0n0wall WAN on your actual
LAN) you need to enable advanced outbound NAT without any NAT rules.
The way it is now, it probably routes the traffic in and NATs it to
the WAN IP on the way back out, thus destroying the TCP session.
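
Added example (not part of the original thread): a small Python model of the failure the reply describes, where the SSH server's SYN-ACK is source-rewritten to the WAN IP on its way out and no longer matches the client's connection. Assumptions: the LAN subnet is 10.1.1.0/24, the client is 10.0.0.3 with a constructed source port, and NAT rewrites only the source address.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

WAN_IP = "10.0.0.24"                    # m0n0wall WAN address (from the post)
LAN_NET = ip_network("10.1.1.0/24")     # assumption: LAN subnet holding 10.1.1.199


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def leave_wan(pkt: Packet, outbound_nat: bool) -> Packet:
    """Model a packet leaving the WAN interface.

    With automatic outbound NAT, anything sourced from the LAN subnet is
    rewritten to the WAN IP. With advanced outbound NAT enabled and no
    rules defined (outbound_nat=False), the packet is routed unchanged.
    """
    if outbound_nat and ip_address(pkt.src) in LAN_NET:
        return replace(pkt, src=WAN_IP)
    return pkt


def client_accepts(syn: Packet, reply: Packet) -> bool:
    """A TCP client only accepts a SYN-ACK whose 4-tuple mirrors its SYN."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        syn.dst, syn.dport, syn.src, syn.sport)


def handshake(outbound_nat: bool):
    """Return (SYN-ACK as seen by the client, whether the client accepts it)."""
    # Constructed sample flow: WAN-side client opens SSH to the syslog server.
    syn = Packet("10.0.0.3", 50000, "10.1.1.199", 22, "S")
    # The firewall rule passes the SYN in and routes it unchanged.
    synack = Packet(syn.dst, syn.dport, syn.src, syn.sport, "SA")
    on_wire = leave_wan(synack, outbound_nat)
    return on_wire, client_accepts(syn, on_wire)


if __name__ == "__main__":
    for nat in (True, False):
        pkt, ok = handshake(nat)
        print(f"outbound NAT={nat}: SYN-ACK from {pkt.src}:{pkt.sport} accepted={ok}")
```

On a real network this mismatch shows up in a packet capture on the client side as a SYN to 10.1.1.199 answered by a SYN-ACK from 10.0.0.24, which is a quick way to confirm the diagnosis.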