 From:  Mark Wass <mark dot wass at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  NAT Between OPT1 and OPT2
 Date:  Sun, 27 Nov 2005 17:47:49 +1000
Hi All

Would it be possible to do Outbound NATing between OPT1 and OPT2?

My plan is to present all traffic leaving monowall out the OPT2 
interface to appear to be coming from the IP of OPT2 interface.

For example, a server on OPT1 network (Server IP = trying 
to connect to a server hanging off the OPT2 network (Server IP = would appear to be coming from the IP of the OPT2 interface 

This is the rule I was planning on trying.

Interface   Source            Destination      Target
OPT2        *             *

In addition to this I have a remote site (m0n0wall#1) that creates an 
IPSEC tunnel to the site.

The IPSEC tunnel is created between subnet and (a network that hangs off the OPT2 interface)
I'll also have a 2nd IPSEC tunnel between and (this will cover - on m0n0wall#2)

I wanted to create an outbound NAT rule for the subnet as 
well, this is what I was planning on using.

Interface   Source            Destination      Target
OPT2         *             *

Now because this subnet ( is on a remote site connecting 
through to m0n0wall#2 over IPSEC, is this going to be an issue? Will it 

Of course I will also have a static route on m0n0wall#2 pointing to the 
Cisco Router to get to the network

Here is a rough diagram.

  Remote Subnet
       | Internet (IPSEC Tunnel)
   m0n0wall#2--------------Cisco Router-----------Server#1
       |     OPT2            (No NAT)

I hope someone can help


Oh yeah... here's a Christmas tip. m0n0wall merchandise makes a great 
gift idea, I have put some m0n0 items on my wish list so should you! :-)