[ previous ] [ next ] [ threads ]
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Webserver behind MonoWall
 Date:  Tue, 4 Oct 2005 09:35:23 -0500
Joe Rodiguez Jr. wrote:
> Hi, and thank you for responding. One question though, what do you
> suggest I put for on the inbound rule where it asked to the external
> port range I have it set to 80, however when I do this and select
> "Auto-add a firewall rule to permit traffic through this NAT rule" at
> the bottom of the screen, it sets up a firewall rule as follows:
>       Proto Source Port Destination Port Description
>       TCP  *  *  80 (HTTP)  NATed IIS Rule
> Which is correct?  Do you see my confusion?

When you add an inbound NAT you are telling m0n0wall that you want port
80 on the WAN IP (or additional External IP if Server NAT) forwarded to
port 80 on the Internal IP (.1.100 in your example above). A NAT rule
will be created stating: External IP port 80 goes to Internal IP port
80. When you tell m0n0wall to auto-create the firewall rule - there will
be the above rule will be created. Stating to allow traffic to port 80
on the internal IP.

Keep in mind that Inbound NAT Rules and the Firewall Rules are separate
mechanisms - closely related, but separate. If you tell m0n0wall what
you want on the Inbound NAT and let it figure out the associated
Firewall rules, life is much easier.

James W. McKeand