RE: [m0n0wall] 1:1 NAT works ok, but there's a catch?

From:	brett at woollum dot com
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	RE: [m0n0wall] 1:1 NAT works ok, but there's a catch?
Date:	Sun, 20 Nov 2005 15:25:39 -0700
Ed, 

That does seem like thats why it wont work... Can you help describe to
me the proper way to set up the 5 public ips to redirect them to the 5
private IPs? 

BW

> -------- Original Message --------
> Subject: Re: [m0n0wall] 1:1 NAT works ok, but there's a catch?
> From: "Ed Chatlos" <edchat at bellsouth dot net>
> Date: Sat, November 19, 2005 8:18 pm
> To: "M0n0Wall" <m0n0wall at lists dot m0n0 dot ch>
> 
> First you can't forward the same ports to 2 different LAN IP addresses. You 
> have 2 entries that use the same ports going to 2 different LAN IPs. That 
> won't work.
> ----- Original Message ----- 
> From: <brett at woollum dot com>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Saturday, November 19, 2005 11:07 PM
> Subject: RE: [m0n0wall] 1:1 NAT works ok, but there's a catch?
> 
> 
> > Ok, I have gone to Firewall:Rules:WAN and entered the following:
> >
> > Protocol/Source IP/Source Port/Dest IP/Dest Port/Description
> > TCP/UDP  *  *  192.168.1.1  80            HTTP
> > TCP/UDP  *  *  192.168.1.3  20-21       FTP
> > TCP/UDP  *  *  192.168.1.3  80            HTTP
> > TCP/UDP  *  *  192.168.1.3  5800-6000 VNC Server
> > TCP/UDP  *  *  192.168.1.4  5800-6000 VNC Server
> >
> > My WAN interface is addressed as x.193.
> > In Firewall:NAT:1:1 I have the following:
> >
> > Interface/Ext IP/Int IP/Decription
> > WAN  XXX.XXX.XXX.198/32  192.168.1.4/32  Maincomputer
> > WAN  XXX.XXX.XXX.198/32  192.168.1.3/32  Server PC
> >
> > In Services:Proxy ARP I have:
> > Interface/Network/Description
> > WAN  XXX.XXX.XXX.198  Description 1
> > WAN  XXX.XXX.XXX.205  Description 1
> > WAN  XXX.XXX.XXX.209  Description 1
> > WAN  XXX.XXX.XXX.251  Description 1
> >
> > After everything is applied and tested, it still will not work properly.
> > I can log onto my AOL client (which allows it to come from outside the
> > network) or even try from work and I get nothing on any of the port
> > 80's.. Not the monowall, not the server, no VNC.... If anyone can tell
> > me what other feature I need to add to make it work that would be
> > great!
> >
> > To recap my network:
> > I have 5 static IPs that need to be 'forwarded' to the appropriate
> > machines. These machines should be using their associated Public IP
> > when browsing the net (the 1:1 right now is working awesome to do
> > this).
> >
> > Thanks!
> > Brett Woollum
> >
> >
> >> -------- Original Message --------
> >> Subject: RE: [m0n0wall] 1:1 NAT works ok, but there's a catch?
> >> From: "James W. McKeand" <james at mckeand dot biz>
> >> Date: Sat, November 19, 2005 4:20 am
> >> To: <m0n0wall at lists dot m0n0 dot ch>
> >>
> >> Interface would be WAN
> >> Source IP would be any.
> >> Source port would be any.
> >> Destination IP would be Internal IP of server in question.
> >> Destination port would be <insert service port here> i.e. 80.
> >>
> >> _________________________________
> >> James W. McKeand
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: brett at woollum dot com [mailto:brett at woollum dot com]
> >> Sent: Friday, 18 November 2005 6:15 PM
> >> To: James W. McKeand
> >> Subject: RE: [m0n0wall] 1:1 NAT works ok, but there's a catch?
> >>
> >> Ok, So I will enter a firewall rule for port 80, with a source port of
> >> any, and the destination private IP of 192.168.1.3. What should the
> >> source IP be? Or should it? Thanks!
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> >
> > -- 
> > No virus found in this incoming message.
> > Checked by AVG Anti-Virus.
> > Version: 7.1.362 / Virus Database: 267.13.3/174 - Release Date: 11/17/2005
> >
> > 
> 
> 
> 
> -- 
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.1.362 / Virus Database: 267.13.3/174 - Release Date: 11/17/2005
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch