 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Rules to Servers on Opt1
 Date:  Thu, 29 Sep 2005 23:18:22 -0400
On 9/29/05, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
> I have enabled "Advanced Outbound NAT" and not put any rules in.
>
> I don't quite understand what enabling this does can you explain?
>

working on the docs, wrote this as a quick and dirty outbound NAT
write up.  I'll be improving it, but see if this answers your
question.


By default, m0n0wall automatically adds NAT rules to all interfaces to NAT your internal hosts to your WAN IP address for outbound traffic. The only exception is for any hosts for which you have configured 1:1 NAT entries.  Therefore, if you are using public IP addresses on any of the interfaces behind your m0n0wall (with the exception of bridged interfaces) you need to change m0n0wall's default NAT behavior by enabling advanced outbound NAT.

If you are using public IP addresses on all the interfaces behind your m0n0wall, check the "Enable advanced outbound NAT" box and click Save. Now nothing will be NAT'ed by m0n0wall.

If you have a public IP subnet off one of your interfaces behind m0n0wall and a private IP subnet behind another interface, you will need to enter your own NAT mappings on this screen.  For example, if you have a LAN subnet of 192.168.1.0/24 and a DMZ subnet with public IP addresses, you will need to enable advanced outbound NAT, and click the plus at the bottom of this tab to add a NAT mapping for your LAN network.  For this scenario, you will want to add a rule for interface WAN, source 192.168.1.0/24, destination any, target box blank, and enter a description of your choosing.
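
The three cases described in the message above, as a simplified Python model added here for illustration (it is not part of the original post and not m0n0wall code). The function names and the DMZ subnet 203.0.113.0/28 are constructed for the example, "private" is taken to mean RFC 1918, and 1:1 NAT entries and bridged interfaces are ignored.

```python
import ipaddress

# Assumption: "private" means the RFC 1918 ranges.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(net):
    return any(net.subnet_of(r) for r in RFC1918)

def plan_outbound_nat(subnets):
    """subnets: {interface name: CIDR} for the non-bridged interfaces
    behind the firewall. Returns (enable_advanced, mappings to enter)."""
    nets = {name: ipaddress.IPv4Network(cidr) for name, cidr in subnets.items()}
    private = {n: net for n, net in nets.items() if is_rfc1918(net)}
    if len(private) == len(nets):
        # Only private subnets: the default automatic NAT is what you want.
        return False, []
    # At least one public subnet: enable advanced outbound NAT and add one
    # mapping per private subnet (none if every subnet is public).
    rules = [{"interface": "WAN", "source": str(net), "destination": "any",
              "target": "", "description": "NAT %s to WAN" % name}
             for name, net in sorted(private.items())]
    return True, rules

def is_translated(src_ip, advanced_enabled, rules):
    """Would outbound traffic from src_ip be NATed under this model?"""
    if not advanced_enabled:
        return True  # default behaviour: internal hosts are NATed to WAN
    ip = ipaddress.IPv4Address(src_ip)
    return any(ip in ipaddress.IPv4Network(r["source"]) for r in rules)

if __name__ == "__main__":
    # Constructed sample: private LAN plus a DMZ standing in for a public subnet.
    enable, rules = plan_outbound_nat({"LAN": "192.168.1.0/24",
                                       "DMZ": "203.0.113.0/28"})
    print("enable advanced outbound NAT:", enable)
    for r in rules:
        print(r)
    for host in ("192.168.1.10", "203.0.113.5"):
        print(host, "translated:", is_translated(host, enable, rules))
```

With advanced outbound NAT left off, the model reports the DMZ host as translated too, which is the situation the message says to avoid for public addresses.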