 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Nated mail server
 Date:  Wed, 2 Nov 2005 22:21:57 -0400
On 11/2/05, Claudio Castro <ccastro at unr dot edu dot ar> wrote:
> I have a 1:1 NAT defined, a public ip for the firewall and another
> correspond to an internal ip of my DMZ mail server), the
> default gateway of the mail server is, but..the mail server doesn't
> "see" the internet. When I go to m0n0 admin I trought a ping through the DMZ
> interface to www.google.com and I get this:
> PING www.l.google.com ( from 56 data bytes
> 64 bytes from icmp_seq=0 ttl=236 time=155.952 ms
> --- www.l.google.com ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> Instead of "from" why I doesn't come from the NAT is not
> working?

Because when you ping from an interface, the source is the IP of that
interface.  That's not the proper way to test 1:1.  Once you can get
out from the mail server, try going to http://whatismyip.com and see
what it says.  It should show the public side of that 1:1 setup.

My first guess is you didn't set up proxy ARP on that IP.  My second is
you didn't put rules on the DMZ interface allowing traffic outbound.

> I have nothing set in Outbound NAT...should I?