 From:  "Philippe Lang" <philippe dot lang at attiksystem dot ch>
 To:  "Kerem Erciyes" <k underscore erciyes at zegnaermenegildo dot it>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE : [m0n0wall] NAT on LAN interface
 Date:  Tue, 30 Aug 2005 20:29:55 +0200
I posted a message a few days ago, which explained what I'm trying to do here, with an IPSEC VPN,
and why I would need NAT on the LAN interface. Here it is:

I'm trying to replace my actual Lightning firewall with a Soekris 4801
(m0n0wall 1.11), and I have a small problem:

My network is, and the remote network is

The problem is that the remote network already has a VPN with another network.

My solution with the Lightning was to map my to the network, and create a VPN between and networks, with a "mapto/source" and a "mapto/destination"
on my Lightning, like:

Source           Destination       Cmd     Translation    Type
----------------------------------------------------------------
                                   mapto                  Source
                                   mapto                  Destination

This permits to access the network without
interfering with the other network.

What would be the equivalent setting on the M0n0wall? I have tried
playing with the NAT 1:1, but I couldn't make it work. Do you have an
Lightning Firewalls can NAT on all interfaces, and have also a special "Global NAT", which is very
handy in specific situations like this one.

	-------- Original message -------- 
	From: Kerem Erciyes [mailto:k underscore erciyes at zegnaermenegildo dot it] 
	Date: Tue. 30/08/2005 18:24 
	To: Philippe Lang 
	Cc: m0n0wall at lists dot m0n0 dot ch 
	Subject: Re: [m0n0wall] NAT on LAN interface

	Hello Philippe, 

	I don't think NAT is the answer for what you are trying to do. If you 
	can elaborate some on what you are trying to do there might be some 
	answers for that. And what type of VPN are you talking about? IPSEC, 
	OpenVPN, PPTP or what? 

	As for PPTP using CMAK (Connection Manager Administration Kit) I created 
	PPTP connection setups for Windows XP clients and can give them special 
	default rules etc... 

	As for others I need to think a little. 


	Philippe Lang wrote: 

	>NAT/NAT1:1 on LAN interface are disabled, even on 1.2b9. Don't you think 
	>it would be a good idea to enable it too? I need to change the IP 
	>address of some computers on the LAN before entering a VPN, and back to 
	>their original value when going out of the VPN. 
	>I'm not sure in which order rules are being applied, and if NAT on WAN 
	>is being applied on packets that are routed inside a VPN. 
	>Philippe Lang 
	>Attik System 
	>rte de la Fonderie 2 
	>1700 Fribourg 
	>Tel:   +41 (26) 422 13 75 
	>Fax:   +41 (26) 422 13 76 
	>GSM:   +41 (79) 351 49 94 
	>Email: philippe dot lang at attiksystem dot ch 
	>Skype: philippe.lang 