On 10/10/05, Thibodeau, Dale <dthibode at uwc dot edu> wrote:
> Will I then need to configure an outbound NAT rule manually? Checking
> the "enable advanced outbound NAT" is preventing users from logging into
> the captive portal.
hrm, not sure why disabling NAT would mess up CP. Everything works
with NAT disabled and CP disabled?
You can leave NAT on if you want, you'll have to setup 1:1 NAT entries
with proxy ARP'ed IP's on your WAN side to get to the devices behind
the m0n0wall in that setup (using the WAN side 1:1 NAT'ed IP's, not
the IP's behind m0n0wall).
You shouldn't need NAT at all since both sides of m0n0wall are on
private network space. What you're doing now is NAT'ing them at
m0n0wall, then NAT'ing them again before they leave your network for
the Internet. Double NAT'ing isn't recommended, NAT is enough of a
kludge when you only do it once.
also make sure "block private networks" isn't selected on the WAN