 From:  sai <sonicsai at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: private lan on WAN interface
 Date:  Fri, 9 Sep 2005 16:34:40 +0500
One more question...

Why the difference in the 2 lines from "ipnat -l"?
map vr0 from xyz.abc.160.0/24 ! to xyz.abc.162.0/24 -> 0.0.0.0/32
map vr0 xyz.abc.162.0/24 -> xyz.abc.160.0/24 portmap tcp/udp auto

The second is added by me but has no "from" or "to". Have I done
something wrong?

On 9/9/05, sai <sonicsai at gmail dot com> wrote:
> xyz.abc.162.4/24  is the remote LAN
> xyz.abc.160.4/24  is the local LAN
> vr0 is the m0n0 WAN port
> 
> exec.php
> ifconfig vr0 inet xyz.abc.162.4/24 alias
> 
> All traffic from remote LAN is routed to m0n0 on the WAN interface by
> a private circuit.
> I need the remote LAN and the local LAN to be able to access each
> other with no restrictions
> 
> (tick) Enable advanced outbound NAT
> WAN  	 xyz.abc.160.0/24  	 ! xyz.abc.162.0/24  	 *  	 normal LAN NAT   	   
> WAN 	xyz.abc.160.0/24 	xyz.abc.162.0/24 	xyz.abc.162.4 	allow local
> LAN to access remote
> 
> exec.php:
> echo "map vr0 xyz.abc.162.0/24 -> xyz.abc.160.0/24 portmap tcp/udp
> auto" | ipnat -f -
> 
> $ ipnat -l
> List of active MAP/Redirect filters:
> map vr0 from xyz.abc.160.0/24 to xyz.abc.162.0/24 -> xyz.abc.162.4/32
> proxy port ftp ftp/tcp
> map vr0 from xyz.abc.160.0/24 to xyz.abc.162.0/24 -> xyz.abc.162.4/32
> portmap tcp/udp auto
> map vr0 from xyz.abc.160.0/24 to xyz.abc.162.0/24 -> xyz.abc.162.4/32
> map vr0 from xyz.abc.160.0/24 ! to xyz.abc.162.0/24 -> 0.0.0.0/32
> proxy port ftp ftp/tcp
> map vr0 from xyz.abc.160.0/24 ! to xyz.abc.162.0/24 -> 0.0.0.0/32
> portmap tcp/udp auto
> map vr0 from xyz.abc.160.0/24 ! to xyz.abc.162.0/24 -> 0.0.0.0/32
> map vr0 xyz.abc.162.0/24 -> xyz.abc.160.0/24 portmap tcp/udp auto
> 
> now I can access the remote LAN from the local LAN no probs. However
> the last line above is meant to allow access (by NAT) of the local LAN
> by the remote. This does not work. If I allow all from the remote host
> I can access the m0n0 web interface on xyz.abc.162.4 (but a ping to
> the same address gives "Destination host unreachable" ???!!). However
> I cannot get into the local LAN.
> 
> Any ideas of what else to try?
> 
> sai
>