 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT and network monitoring, please help
 Date:  Fri, 7 Oct 2005 17:17:34 -0400
On 10/7/05, Thibodeau, Dale <dthibode at uwc dot edu> wrote:
> I did a search but couldn't find anything similar so I'm going to put
> this out for comment.
>
> My m0n0 setup is like this, pretty simple;
>
>     |---------|    |---------|    |------------|
>     | WAN     |----| M0N0    |----| LAN        |
>     |10.64.x.x|    |         |    |192.168.1.x |
>     |---------|    |---------|    |------------|
>
> My wireless users connect to about 10 wireless access points on the LAN
> side and with the captive portal authenticate with a RADIUS server on
> the WAN side.  How do I set up M0n0wall to allow my workstation on the
> WAN side full access to the WAPs on the LAN side?
>

Don't NAT at all.  Assuming your workstation is on the 10.x.x.x
network, if you disable NAT and put in the appropriate firewall rules,
you'll be able to get to anything behind m0n0wall.

If you want to do it without disabling NAT, 1:1 NAT for each AP is
probably the best solution.

Given that the WAN side is on a private IP network, you probably don't
want to be NAT'ing anyway since you'll then end up double NAT'ing when
users go out to the Internet, and that just gets ugly...

-chris