On 5/7/05, Stephan A. Rickauer <stephan at rickauer dot com> wrote:
> Guys,
>
> I am hoping to get some help here as I wasn't able to solve my problem myself,
> neither by spending half a day on it, nor by finding it on the web/lists etc.
> I have to admit this is the first time I am *not* using a Linux/iptables
> box ...
>
> We have a fairly simple setup:
>
> SERVER ------- m0n0wall ------- CLIENT
>
> where m0n0wall's interfaces belong to private networks; WAN=10.1.1.1,
> LAN=192.168.1.254. In the above sketch, m0n0's _right_ interface is LAN, and
> the _left_ interface is WAN. SERVER has 10.1.1.50, CLIENT is 192.168.1.1.
>
> All I want to do is to have ssh access from the SERVER to the CLIENT (not the
> 'usual' other way around, pls. don't ask me why :) ). Dumb approach: I added
> a rule for 'WAN' allowing ssh from SERVER to CLIENT. Doesn't work, so I
> thought maybe I need to specify the reverse 'channel' separately. So I added
> a LAN rule, allowing the accordant back connection from CLIENT to SERVER.
>
> (btw: Is that the way to do it when not wanting NAT?)
>
Turn on advanced outbound NAT on the NAT screen, outbound tab, to turn
off NAT. NAT is breaking the connection because return packets are
getting NAT'ed.
-Chris