Daniel,

I'm jumping into the middle of this without reading what was posted before, so excuse any redundant information.

From what I can see on your NAT and Rules images, everything looks good. Everything in the NAT section/tabs should be totally empty except those two lines on the "Inbound" tab. Allowing it to auto-create the firewall rules has always worked fine for me after doing at least a dozen m0n0walls so I trust that to work fine.

You might want to try nuking everything and re-doing it, if you really can't get it to work. If you only have one public IP address, proxy arp is not needed and should be clear of any data.

It's a security risk, but you can try experimenting with some things. Try creating a rule to allow everything from everywhere to your server, see what happens. Try doing a 1:1 NAT to the server. Play with some things and see what happens.

Regards,
Josh Simoneau
Pen Island Sales

-----Original Message-----
From: Daniel L. Hunter [mailto:dhunter at techmethods dot com]
Sent: Wednesday, June 22, 2005 3:52 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0 IP vs. NAT IP

Thanks for the input so far but it's still not working. I've put some screen shots on my server and linked to them below. I'd really appreciate it if you could take a look and let me know if you have any suggestions.

I'm using m0n0wall v. 1.2b8 on a PCEngines Wrap board.

As noted by James, Anastasija, and Chris, since I only have one external IP address I don't need Server NAT so that is empty (http://www.techmethods.com/images/image1.gif).

I added the Inbound NAT selecting "Interface Address" as the External Address as follows (http://www.techmethods.com/images/image2.gif).

The firewall rules were added automatically for telnet and http. I edited them both to include logging for both rules (http://www.techmethods.com/images/image3.gif).

Here's where I'm really confused. In the log files, it shows that the firewall allowed the telnet traffic to pass into the network. But I can't initiate a telnet session from outside. I can, however, from inside. Also, nothing is getting logged when I attempt an http request. I've done this by trying to telnet to port 80 as well as using a web browser (http://www.techmethods.com/images/image4.gif).

As you can see from the next images, the services for which I'm trying to enable NAT are working inside the network (http://www.techmethods.com/images/image5.gif, http://www.techmethods.com/images/image6.gif, http://www.techmethods.com/images/image7.gif).

So I'm lost. I checked with the ISP and they're not blocking any of the traffic. I can ping the router from outside the network and at least some of the traffic is being logged. I've tried this configuration with Proxy ARP both on and off using the WAN IP address but neither worked.

Any help you could provide would be much appreciated.

Thanks,
Danny

********************************************
Daniel L. Hunter
TechMethods, LLC
(p) 304-876-9103
(f) 304-876-9203
http://www.TechMethods.com
dhunter at TechMethods dot com
********************************************

Chris Buechler wrote:

>On 6/21/05, Daniel L. Hunter <dhunter at techmethods dot com> wrote:
>
>>So you need more than one public (WAN side) IP address to utilize NAT?
>
>No. As James said, if you have more than one then you use Server NAT
>to add your additional IP's to the Inbound NAT options. If you only
>have the WAN IP, then use Inbound NAT on the WAN IP, with nothing in
>server NAT.
>
>-Chris