 
 From:  "Roland Giesler" <roland at giesler dot za dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] NAT via the WAN address doesn't work?
 Date:  Thu, 27 Oct 2005 11:03:35 +0200
Chris Buechler wrote:
> On 10/26/05, Roland Giesler <roland at giesler dot za dot net> wrote:
>> If I NAT traffic from WAN to LAN on port 443, the attempted traffic
>> is not even registered in the logs.  No block or accept entry.
>> Nothing,
>> nada, zilch.  However, if I use a secondary IP on the WAN, it all
>> works 100%! (I'm referring to adding another IP under "Server NAT")
> is your webGUI using https?
No. 

>> Does this mean that I cannot NAT from the WAN address?
> 
> No, the interface address option on the Inbound NAT screen does that.
> Server NAT is only for IPs other than your WAN IP.
I gathered that, but was just wondering if I understood something
incorrectly.

>> Here's some data for the config that works.  Below that is the
>> config that doesn't work. 
>> 
> 
> config.xml, or the entire status.php page, would be much more useful.
> The bit you provided doesn't help much.
Ok, here's the whole thing.

<?xml version="1.0"?>
<!-- m0n0wall 1.6 config.xml as posted to the list. Addresses written as
     x.x.x.N and the admin password appear to have been redacted by the
     author for the post. -->
<m0n0wall>
    <version>1.6</version>
    <lastchange>1130403122</lastchange>
    <system>
        <hostname>firewall</hostname>
        <domain>taxpoint.co.za</domain>
        <username>admin</username>
        <password>xxxxx</password>
        <timezone>Etc/GMT+2</timezone>
        <time-update-interval>300</time-update-interval>
        <timeservers>pool.ntp.org</timeservers>
        <!-- NOTE(review): the webGUI is served over plain http with an empty
             port element (presumably the default port), so the admin session
             is unencrypted. -->
        <webgui>
            <protocol>http</protocol>
            <port/>
        </webgui>
        <dnsserver>168.210.2.2</dnsserver>
        <dnsserver>196.14.239.2</dnsserver>
    </system>
    <interfaces>
        <lan>
            <if>fxp0</if>
            <ipaddr>x.x.x.1</ipaddr>
            <subnet>24</subnet>
            <media/>
            <mediaopt/>
        </lan>
        <!-- WAN is a /29 (196.35.140.56 to .63) with .57 as gateway; the
             Server NAT address 196.35.140.62 used below lies inside it. -->
        <wan>
            <if>rl0</if>
            <mtu/>
            <blockpriv/>
            <media/>
            <mediaopt/>
            <ipaddr>196.35.140.58</ipaddr>
            <subnet>29</subnet>
            <gateway>196.35.140.57</gateway>
            <spoofmac/>
        </wan>
    </interfaces>
    <staticroutes/>
    <pppoe/>
    <pptp/>
    <bigpond/>
    <dyndns>
        <type>dyndns</type>
        <username/>
        <password/>
        <host/>
        <mx/>
        <server/>
        <port/>
    </dyndns>
    <dnsupdate/>
    <dhcpd>
        <!-- DHCP pool for the LAN; presumably the redacted LAN network is
             192.168.1.0/24. -->
        <lan>
            <range>
                <from>192.168.1.100</from>
                <to>192.168.1.199</to>
            </range>
        </lan>
    </dhcpd>
    <pptpd>
        <mode/>
        <redir/>
        <localip/>
        <remoteip/>
    </pptpd>
    <dnsmasq>
        <enable/>
    </dnsmasq>
    <!-- NOTE(review): the read-only SNMP community is the well-known default
         "public" and the enable element is present (presumably meaning the
         daemon runs). If SNMP is needed, a non-default community string and
         a restriction on who may query it are advisable. -->
    <snmpd>
        <syslocation>ecclesia building</syslocation>
        <syscontact>Roland Giesler</syscontact>
        <rocommunity>public</rocommunity>
        <enable/>
    </snmpd>
    <diag>
        <ipv6nat>
            <ipaddr/>
        </ipv6nat>
    </diag>
    <bridge/>
    <!-- Remote syslog goes to x.x.x.76, the same host that is the CVS/JBoss
         NAT target below. -->
    <syslog>
        <reverse/>
        <nentries>50</nentries>
        <remoteserver>x.x.x.76</remoteserver>
        <filter/>
        <system/>
        <enable/>
        <resolve/>
    </syslog>
    <nat>
        <!-- Inbound NAT. The 443 and 3000 rules carry no external-address,
             which per the reply in the thread means the WAN interface address
             is used; the 2401 and 8080 rules use 196.35.140.62, the Server
             NAT address declared at the end of this section. -->
        <rule>
            <protocol>tcp</protocol>
            <external-port>443</external-port>
            <target>x.x.x.2</target>
            <local-port>443</local-port>
            <interface>wan</interface>
            <descr>Upload site</descr>
        </rule>
        <rule>
            <external-address>196.35.140.62</external-address>
            <protocol>tcp</protocol>
            <external-port>2401</external-port>
            <target>x.x.x.76</target>
            <local-port>2401</local-port>
            <interface>wan</interface>
            <descr>Development CVS</descr>
        </rule>
        <rule>
            <external-address>196.35.140.62</external-address>
            <protocol>tcp</protocol>
            <external-port>8080</external-port>
            <target>x.x.x.76</target>
            <local-port>8080</local-port>
            <interface>wan</interface>
            <descr>JBoss Webserver</descr>
        </rule>
        <rule>
            <protocol>tcp</protocol>
            <external-port>3000</external-port>
            <target>x.x.x.2</target>
            <local-port>3000</local-port>
            <interface>wan</interface>
            <descr>Transunion ITC</descr>
        </rule>
        <!-- Server NAT: the additional public address used by the 2401/8080
             rules above and announced via proxy ARP further down. -->
        <servernat>
            <ipaddr>196.35.140.62</ipaddr>
            <descr>Development Server</descr>
        </servernat>
    </nat>
    <filter>
        <!-- One WAN pass rule per inbound NAT rule, each matching the NAT
             target and port and each with logging on. Only the 3000 rule
             limits the source address; the others accept from any source.
             NOTE(review): the thread reports no log entries for the 443
             forward even though its pass rule has logging enabled; that
             remains unexplained here. -->
        <rule>
            <type>pass</type>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
                <any/>
            </source>
            <destination>
                <address>x.x.x.2</address>
                <port>443</port>
            </destination>
            <log/>
            <descr>Client Upload site</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
                <any/>
            </source>
            <destination>
                <address>x.x.x.76</address>
                <port>8080</port>
            </destination>
            <log/>
            <descr>NAT JBoss Webserver</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
                <address>196.36.251.73</address>
            </source>
            <destination>
                <address>x.x.x.2</address>
                <port>3000</port>
            </destination>
            <log/>
            <descr>NAT Transunion ITC</descr>
        </rule>
        <rule>
            <type>pass</type>
            <interface>wan</interface>
            <protocol>tcp</protocol>
            <source>
                <any/>
            </source>
            <destination>
                <address>x.x.x.76</address>
                <port>2401</port>
            </destination>
            <log/>
            <descr>NAT Development CVS</descr>
        </rule>
        <!-- Default outbound rule: anything from the LAN network to any
             destination, not logged. -->
        <rule>
            <type>pass</type>
            <descr>Default LAN -&gt; any</descr>
            <interface>lan</interface>
            <source>
                <network>lan</network>
            </source>
            <destination>
                <any/>
            </destination>
        </rule>
    </filter>
    <shaper/>
    <ipsec/>
    <aliases/>
    <!-- Proxy ARP for the Server NAT address on the WAN, presumably so the
         upstream router can reach 196.35.140.62 through this firewall. -->
    <proxyarp>
        <proxyarpnet>
            <interface>wan</interface>
            <network>196.35.140.62/32</network>
            <descr/>
        </proxyarpnet>
    </proxyarp>
    <wol/>
</m0n0wall>