 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Issues with Server NAT & 1:1 for port fwding
 Date:  Fri, 9 Dec 2005 16:46:26 -0600
Ben R. Serebin wrote:
> Hello All,
> Damn SonicWall SOHO2 died... :-(  So, I'm seeing if I can use
> m0n0wall as a replacement. Running m0n0wall with the "most recent
> version of m0n0wall" on a Soekris board.  
> ** Issue **
> Getting additional IPs working with port fwding. Primary WAN IP,
> works with port fwding working (inbound NAT w/WAN rules). 
> ** What I attempted **
> Add a 2nd WAN IP using Server NAT & inbound NAT w/ option "Auto-add a
> firewall rule to permit traffic through this NAT rule". 
> - Server NAT shows my 2nd WAN IP
> - Inbound NAT entry shows TCP 80 HTTP, NAT Internal IP (ext.:2nd WAN
> IP) Int. port range 80 (HTTP) 
> - Firewall WAN Rule: TCP, *, *, Internal IP 2nd Server, 80 HTTP
> I also attempted to do 1:1 NAT, since this is what I had on my
> SonicWall. But, that also didn't work. Can someone explain the
> purpose for adding a 2nd IP using either method. The docs don't
> really say very much.   
> If we can figure this out, I'll happily write documentation on the
> process. 

Depending on your ISP, you may have one of the following issues:

1) You need Proxy ARP enabled. (I have a client that just did what you are
doing. He has a PPPoE DSL line and needed Proxy ARP.)

2) Your ISP may have extra long TTLs on their gear. You may just need
to reboot your ISP's modem/router or wait for the TTL to expire. (if the
gear is upstream from you waiting may be the only option - it will work

James W. McKeand