[ previous ] [ next ] [ threads ]
 
 From:  Justin Reid <justinreid at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Accessing NATed service from LAN - is it coming?
 Date:  Wed, 3 Aug 2005 14:22:25 -0400
How do i set this up? Is it a manual change in a file?

-Justin


> it's said ipfilter can not do this kind of work. that's wrong.
>
> here is an example. let's say A.B.C.D1 is the LAN address and E.F.G.H
> is WAN address and A.B.C.D2 is the address of the internal web server
> which is published to the outside world.
>
> ipnat.rules
>
> rdr WAN 0/32 port 80 -> A.B.C.D2 port 80 tcp
> rdr LAN E.F.G.H/32 port 80 -> A.B.C.D2 port 80 tcp
> map LAN from A.B.C.D/24 to A.B.C.D2/32 port = 80 -> E.F.G.H/32  
> portmap tcp auto
>
> now http://E.F.G.H is accessible to the LAN users.
>
> quite simple, isn't it. but 2 problems arise.
> first, performance. m0n0 might be overloaded, because those packets
> need to be rewritten twice.
> second, WAN ip address. WAN ip address must be hard coded into the
> last two rules. when the WAN ip address is statically allocated, it's
> not a problem. however, for those who using dhcp/pptp/pppoe, their WAN
> ip address will change. that change must be tracked and ipnat rules
> must be modified upon that change. thus a script should be put into
> the mini-crontab to monitor the change, or somebody knows a better
> way?
>
> sorry for my poor english