 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT bug - reaching LAN AP from internet
 Date:  Mon, 15 Aug 2005 10:58:10 -0400
> Hi, just arrived home and the first thing was to check the gateways of the APs.
> Ovislink has 100.1 gateway (so same IP as mono is)
> My second AP is Senao and there is no possibility to set gateway. (all that
> I can do is set the IP address of the AP, then turn on ACL..)
> My third AP, ovis, also has gateway 100.1
> 

Alright, the ones that don't support a gateway can't be accessed
outside their own subnet, so inbound NAT to them won't work.

The others, put a log entry on the firewall rules allowing the inbound
traffic just to verify that you see the passed traffic in the firewall
logs.  Then I'd capture the packets on the LAN side to see what it's
doing.  If you set up the NAT rules right, they aren't using their
gateway properly.  This can't be a bug, as there's nothing different
between opening a port to an AP, or opening it to anything else.  I
know many APs are known for not supporting default gateways, or not
using them properly.  If you see the traffic getting passed in your
firewall rules, a packet capture on the LAN side will help determine
what's going wrong.

-Chris
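
The LAN-side capture check suggested in the message above, sketched as an added example that is not part of the original message or of m0n0wall: it classifies what a capture shows for one forwarded connection. The addresses, MACs, packet records and the `diagnose` helper are all constructed, and it assumes inbound NAT leaves the internet client's source address unchanged, so the AP can only answer through its default gateway.

```python
from collections import namedtuple

# One summarized frame from a LAN-side capture (constructed record format).
Pkt = namedtuple("Pkt", "src dst dst_mac flags")

FW_LAN_MAC = "00:00:5e:00:53:01"  # assumed MAC of the firewall's LAN interface
AP_IP = "192.168.100.20"          # assumed AP address behind the firewall
CLIENT_IP = "203.0.113.7"         # constructed internet client

def diagnose(packets, ap_ip=AP_IP, client_ip=CLIENT_IP, fw_mac=FW_LAN_MAC):
    """Say what the capture shows for the forwarded connection."""
    syn_seen = False
    for p in packets:
        if p.src == client_ip and p.dst == ap_ip and "S" in p.flags:
            syn_seen = True  # the firewall passed and forwarded the request
        elif syn_seen and p.src == ap_ip and p.dst == client_ip:
            # The AP answered: the frame must be addressed to the firewall.
            if p.dst_mac == fw_mac:
                return "reply_via_gateway"      # AP is fine, look elsewhere
            return "reply_wrong_next_hop"       # gateway set but not used
    # No answer at all: off-subnet replies are dropped (no usable gateway).
    return "no_reply" if syn_seen else "not_forwarded"

# Constructed captures, one per outcome.
SYN = Pkt(CLIENT_IP, AP_IP, "00:00:5e:00:53:20", "S")
CAPTURES = {
    "ap_without_gateway": [SYN, SYN, SYN],  # retransmitted SYNs, no answer
    "ap_ignores_gateway": [SYN, Pkt(AP_IP, CLIENT_IP, "00:00:5e:00:53:99", "SA")],
    "ap_working": [SYN, Pkt(AP_IP, CLIENT_IP, FW_LAN_MAC, "SA")],
    "rule_not_matching": [],                # nothing reached the LAN
}

if __name__ == "__main__":
    for name, capture in CAPTURES.items():
        print(f"{name}: {diagnose(capture)}")
```

A `not_forwarded` result points back at the NAT or firewall rule, which is what the log entry on the pass rule confirms or rules out.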