 From:  "Brian" <mono at ricerage dot org>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT bug - reaching LAN AP from internet
 Date:  Mon, 15 Aug 2005 11:06:01 -0400 (EDT)
> On 8/15/05, Peter Parnièan <peter at procad dot sk> wrote:
>> Hi, just arrived home and the first thing was to check the gateways of the APs.
>> Ovislink has the 100.1 gateway (so the same IP as mono is)
>> My second AP is a Senao and there is no possibility to set a gateway (all
>> I can do is set the IP address of the AP, then turn on ACL..)
>> My third AP, ovis, also has gateway 100.1
> Alright, the ones that don't support a gateway can't be accessed
> outside their own subnet, so inbound NAT to them won't work.
> The others, put a log entry on the firewall rules allowing the inbound
> traffic just to verify that you see the passed traffic in the firewall
> logs.  Then I'd capture the packets on the LAN side to see what it's
> doing.  If you set up the NAT rules right, they aren't using their
> gateway properly.  This can't be a bug, as there's nothing different
> between opening a port to an AP, or opening it to anything else.  I
> know many APs are known for not supporting default gateways, or not
> using them properly.  If you see the traffic getting passed in your
> firewall rules, a packet capture on the LAN side will help determine
> what's going wrong.
> -Chris

Hey there Petey. I'm curious... When you're done following Chris' advice,
copy and paste the WAN (not NAT) rule you've got set for this. Format it
to be like the following example:

 TCP  	 *  	 *  	 *  	 113  	 Reject ident requests