 From:  Mark Wass <mark dot wass at market dash analyst dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Rules to Servers on Opt1
 Date:  Fri, 30 Sep 2005 14:15:58 +1000
Hi Chris

That's a great start on the explanation. I have not been able to find an 
explanation as clear as that anywhere else in the list or Mono doco.

I have set up my Mono as you have suggested and now I just need to 
implement it.

Thanks SOOOO much for your help and contribution to this great project :-)



PS. I will also be implementing some IPSEC tunnels in the future that 
servers in my DMZ will need to use. If you have any good advice on that, 
I'd be happy to hear from you :-)

PPS. I'm also looking forward to the first stable release of PFSense; it 
has some great features that no doubt we will make use of.

Chris Buechler wrote:

>On 9/29/05, Mark Wass <mark dot wass at market dash analyst dot com> wrote:
>>I have enabled "Advanced Outbound NAT" and not put any rules in.
>>I don't quite understand what enabling this does can you explain?
>working on the docs, wrote this as a quick and dirty outbound NAT
>write up.  I'll be improving it, but see if this answers your
>
>By default, m0n0wall automatically adds NAT rules to all interfaces
>to NAT your internal hosts to your WAN IP address for outbound traffic.
>The only exception is for any hosts for which you have configured 1:1 NAT
>entries.  Therefore, if you are using public IP addresses on any of the
>interfaces behind your m0n0wall (with the exception of bridged
>you need to change m0n0wall's default NAT behavior by enabling advanced
>outbound NAT.
>
>If you are using public IP addresses on all the interfaces behind
>your m0n0wall, check the "Enable advanced outbound NAT" box and click Save.
>Now nothing will be NAT'ed by m0n0wall.
>
>If you have a public IP subnet off one of your interfaces behind m0n0wall
>and a private IP subnet behind another interface, you will need to enter your
>own NAT mappings on this screen.  For example, if you have a LAN subnet of
> and a DMZ subnet with public IP addresses, you will need to
>enable advanced outbound NAT, and click the plus at the bottom of this tab
>to add a NAT mapping for your LAN network.  For this scenario, you will
>want to add a rule for interface WAN, source, destination
>any, target box blank, and enter a description of your choosing.