[ previous ] [ next ] [ threads ]
 From:  "Thibodeau, Dale" <dthibode at uwc dot edu>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] NAT and network monitoring, please help
 Date:  Tue, 11 Oct 2005 08:44:59 -0500
Even with CP off it won't allow me out on the web with NAT disabled.
So, it has nothing to do with the radius auth in the CP that's for sure.
"block private networks" is unchecked as well.

Any other ideas?  Could I send you my config?



-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Monday, October 10, 2005 4:35 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] NAT and network monitoring, please help

On 10/10/05, Thibodeau, Dale <dthibode at uwc dot edu> wrote:
> Will I then need to configure an outbound NAT rule manually?  Checking

> the "enable advanced outbound NAT" is preventing users from logging 
> into the captive portal.

hrm, not sure why disabling NAT would mess up CP.  Everything works with
NAT disabled and CP disabled?

You can leave NAT on if you want, you'll have to setup 1:1 NAT entries
with proxy ARP'ed IP's on your WAN side to get to the devices behind the
m0n0wall in that setup (using the WAN side 1:1 NAT'ed IP's, not the IP's
behind m0n0wall).

You shouldn't need NAT at all since both sides of m0n0wall are on
private network space.  What you're doing now is NAT'ing them at
m0n0wall, then NAT'ing them again before they leave your network for the
Internet.  Double NAT'ing isn't recommended, NAT is enough of a kludge
when you only do it once.

also make sure "block private networks" isn't selected on the WAN
interface page.


To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch