 From:  "Daniel L. Hunter" <dhunter at techmethods dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0 IP vs. NAT IP
 Date:  Wed, 22 Jun 2005 15:51:38 -0400
Thanks for the input so far but it's still not working.  I've put some 
screen shots on my server and linked to them below.  I'd really 
appreciate it if you could take a look and let me know if you have any 
suggestions.

I'm using m0n0wall  v. 1.2b8 on a PCEngines Wrap board.

As noted by James, Anastasija, and Chris, since I only have one external 
IP address I don't need Server NAT so that is empty 
(http://www.techmethods.com/images/image1.gif).

I added the Inbound NAT selecting "Interface Address" as the External 
Address as follows (http://www.techmethods.com/images/image2.gif).

The firewall rules were added automatically for telnet and http.  I 
edited them both to include logging for both rules 
(http://www.techmethods.com/images/image3.gif).

Here's where I'm really confused.  In the log files, it shows that the 
firewall allowed the telnet traffic to pass into the network.  But I 
can't initiate a telnet session from outside.  I can, however, from 
inside.  Also, nothing is getting logged when I attempt an http 
request.  I've done this by trying to telnet to port 80 as well as using 
a web browser (http://www.techmethods.com/images/image4.gif).

As you can see from the next images, the services for which I'm trying 
to enable NAT are working inside the network 
(http://www.techmethods.com/images/image5.gif, 
http://www.techmethods.com/images/image6.gif, 
http://www.techmethods.com/images/image7.gif).

So I'm lost.  I checked with the ISP and they're not blocking any of the 
traffic.  I can ping the router from outside the network and at least 
some of the traffic is being logged.  I've tried this configuration with 
Proxy ARP both on and off using the WAN IP address but neither worked.  
Any help you could provide would be much appreciated.

Thanks,

Danny

********************************************
Daniel L. Hunter
TechMethods, LLC
(p) 304-876-9103
(f) 304-876-9203
http://www.TechMethods.com
dhunter at TechMethods dot com
********************************************



Chris Buechler wrote:

>On 6/21/05, Daniel L. Hunter <dhunter at techmethods dot com> wrote:
>
>>So you need more than one public (WAN side) IP address to utilize NAT?
>
>No.  As James said, if you have more than one then you use Server NAT
>to add your additional IPs to the Inbound NAT options.  If you only
>have the WAN IP, then use Inbound NAT on the WAN IP, with nothing in
>server NAT.
>
>-Chris