|
||||||||
Chris Buechler wrote: > On 10/26/05, Roland Giesler <roland at giesler dot za dot net> wrote: >> If I NAT traffic from WAN to LAN on port 443, the attempted traffic >> is not even registered in the logs. No block or accept entry. > Nothing, >> nada, zilch. However, if I use a secondary IP on the WAN, it all >> works 100%! (I'm refering to adding another IP under "Server NAT") > is your webGUI using https? No. >> Does this mean that I cannot NAT from the WAN addres? > > No, the interface address option on the Inbound NAT screen does that. > Server NAT is only for IP's other than your WAN IP. I gathered that, but was just wondering if I understood something incorrectly. >> Here's some data for the config that works. Below that is the >> config that doesn't work. >> > > config.xml, or the entire status.php page, would be much more useful. > The bit you provided doesn't help much. Ok, here the whole thing.
<?xml version="1.0"?>
<m0n0wall>
  <!-- Full m0n0wall config.xml as posted to the list. LAN-side addresses are
       masked as x.x.x.N and the admin password as xxxxx (apparently by the
       poster); the WAN addresses and the DHCP range are not masked. -->
  <version>1.6</version>
  <lastchange>1130403122</lastchange>
  <system>
    <hostname>firewall</hostname>
    <domain>taxpoint.co.za</domain>
    <username>admin</username>
    <password>xxxxx</password>
    <timezone>Etc/GMT+2</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>pool.ntp.org</timeservers>
    <!-- webGUI is set to plain http, matching the "No" answer in the mail
         above; <port/> is empty, presumably meaning the default port.
         NOTE(review): with http the admin login is sent unencrypted. -->
    <webgui>
      <protocol>http</protocol>
      <port/>
    </webgui>
    <dnsserver>168.210.2.2</dnsserver>
    <dnsserver>196.14.239.2</dnsserver>
  </system>
  <interfaces>
    <lan>
      <if>fxp0</if>
      <ipaddr>x.x.x.1</ipaddr>
      <subnet>24</subnet>
      <media/>
      <mediaopt/>
    </lan>
    <!-- WAN interface address is 196.35.140.58/29. The secondary address
         196.35.140.62 used further down falls inside the same /29. -->
    <wan>
      <if>rl0</if>
      <mtu/>
      <blockpriv/>
      <media/>
      <mediaopt/>
      <ipaddr>196.35.140.58</ipaddr>
      <subnet>29</subnet>
      <gateway>196.35.140.57</gateway>
      <spoofmac/>
    </wan>
  </interfaces>
  <staticroutes/>
  <pppoe/>
  <pptp/>
  <bigpond/>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
    <host/>
    <mx/>
    <server/>
    <port/>
  </dyndns>
  <dnsupdate/>
  <!-- The DHCP range is given in full (192.168.1.x) although the other LAN
       addresses in this file are masked. -->
  <dhcpd>
    <lan>
      <range>
        <from>192.168.1.100</from>
        <to>192.168.1.199</to>
      </range>
    </lan>
  </dhcpd>
  <pptpd>
    <mode/>
    <redir/>
    <localip/>
    <remoteip/>
  </pptpd>
  <dnsmasq>
    <enable/>
  </dnsmasq>
  <!-- SNMP section carries <enable/> and the read-only community "public".
       NOTE(review): "public" is the widely known default community string;
       use a site-specific value and confirm the agent is not reachable from
       the WAN side. -->
  <snmpd>
    <syslocation>ecclesia building</syslocation>
    <syscontact>Roland Giesler</syscontact>
    <rocommunity>public</rocommunity>
    <enable/>
  </snmpd>
  <diag>
    <ipv6nat>
      <ipaddr/>
    </ipv6nat>
  </diag>
  <bridge/>
  <!-- Log settings: 50 entries, remote server x.x.x.76. The same masked
       address appears below as the NAT target for the CVS and JBoss rules. -->
  <syslog>
    <reverse/>
    <nentries>50</nentries>
    <remoteserver>x.x.x.76</remoteserver>
    <filter/>
    <system/>
    <enable/>
    <resolve/>
  </syslog>
  <nat>
    <!-- Inbound NAT rules. Two of the four carry <external-address>
         196.35.140.62 (the Server NAT address defined at the end of this
         section); the other two have no <external-address>, which presumably
         selects the WAN interface address itself. -->

    <!-- tcp/443 to x.x.x.2, no external address: this looks like the forward
         the mail above reports as neither working nor being logged. -->
    <rule>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>x.x.x.2</target>
      <local-port>443</local-port>
      <interface>wan</interface>
      <descr>Upload site</descr>
    </rule>
    <!-- tcp/2401 on the secondary address to x.x.x.76. -->
    <rule>
      <external-address>196.35.140.62</external-address>
      <protocol>tcp</protocol>
      <external-port>2401</external-port>
      <target>x.x.x.76</target>
      <local-port>2401</local-port>
      <interface>wan</interface>
      <descr>Development CVS</descr>
    </rule>
    <!-- tcp/8080 on the secondary address to x.x.x.76. -->
    <rule>
      <external-address>196.35.140.62</external-address>
      <protocol>tcp</protocol>
      <external-port>8080</external-port>
      <target>x.x.x.76</target>
      <local-port>8080</local-port>
      <interface>wan</interface>
      <descr>JBoss Webserver</descr>
    </rule>
    <!-- tcp/3000 to x.x.x.2, again without an external address. -->
    <rule>
      <protocol>tcp</protocol>
      <external-port>3000</external-port>
      <target>x.x.x.2</target>
      <local-port>3000</local-port>
      <interface>wan</interface>
      <descr>Transunion ITC</descr>
    </rule>
    <!-- Server NAT entry for the secondary WAN address used by the 2401 and
         8080 rules above. -->
    <servernat>
      <ipaddr>196.35.140.62</ipaddr>
      <descr>Development Server</descr>
    </servernat>
  </nat>
  <filter>
    <!-- Filter rules. Each WAN pass rule names the internal NAT target as its
         destination and carries <log/>. Three of them accept any source; only
         the port 3000 rule is limited to a single source address. -->

    <!-- Pass tcp/443 from any source to x.x.x.2. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>x.x.x.2</address>
        <port>443</port>
      </destination>
      <log/>
      <descr>Client Upload site</descr>
    </rule>
    <!-- Pass tcp/8080 from any source to x.x.x.76.
         NOTE(review): this exposes what the description calls a JBoss web
         server to every source address; confirm that is intended, or limit
         the source the way the port 3000 rule does. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>x.x.x.76</address>
        <port>8080</port>
      </destination>
      <log/>
      <descr>NAT JBoss Webserver</descr>
    </rule>
    <!-- Pass tcp/3000 to x.x.x.2 only from 196.36.251.73. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <address>196.36.251.73</address>
      </source>
      <destination>
        <address>x.x.x.2</address>
        <port>3000</port>
      </destination>
      <log/>
      <descr>NAT Transunion ITC</descr>
    </rule>
    <!-- Pass tcp/2401 from any source to x.x.x.76.
         NOTE(review): 2401 is the conventional CVS pserver port; confirm the
         development CVS server needs to be reachable from any source rather
         than from a known set of addresses. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>x.x.x.76</address>
        <port>2401</port>
      </destination>
      <log/>
      <descr>NAT Development CVS</descr>
    </rule>
    <!-- LAN rule: pass from the LAN network to any destination; no protocol
         element and no <log/> on this one. -->
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
  </filter>
  <shaper/>
  <ipsec/>
  <aliases/>
  <!-- Proxy ARP on WAN for 196.35.140.62/32, the same address as the Server
       NAT entry. -->
  <proxyarp>
    <proxyarpnet>
      <interface>wan</interface>
      <network>196.35.140.62/32</network>
      <descr/>
    </proxyarpnet>
  </proxyarp>
  <wol/>
</m0n0wall> |