[ previous ] [ next ] [ threads ]
 From:  "Ben R. Serebin" <ben at reefsolutions dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Issues with Server NAT & 1:1 for port fwding
 Date:  Fri, 9 Dec 2005 17:48:17 -0500
Hello All,

Wow... great UI.... note sarcasm. (If you want me to contribute info to docs, let me know.) Found
the problem with Server NAT. One must not select the External Address for the 2nd WAN IP on Inbound
NAT rules. Leave it at "Interface address" for Server NAT under Firewall:NAT rule.

Example of how to add protocol after adding IP in Server NAT.

Interface: WAN
External address: (leave it on Interface address)
Protocol: select protocol (e.g. SMTP)
External port range: (e.g. SMTP)
NAT IP: (e.g. internal IP of server hosting protocol)
Local port: (e.g. SMTP)
Description: (e.g. SMTP on Server 2)
[check this box] Auto-add a firewall rule to permit traffic through this NAT rule
[select Apply changes]


-----Original Message-----
From: Ben R. Serebin [mailto:ben "a t" reefsolutions "d o t" com]
Sent: Fri 12/9/2005 5:31 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Issues with Server NAT & 1:1 for port fwding
Hello All,

Damn SonicWall SOHO2 died... :-(  So, I'm seeing if I can use m0n0wall as a replacement. Running
m0n0wall with the "most recent version of m0n0wall" on a Soekris board.

** Issue **
Getting additional IPs working with port fwding. Primary WAN IP, works with port fwding working
(inbound NAT w/WAN rules). 

** What I attempted **
Add a 2nd WAN IP using Server NAT & inbound NAT w/ option "Auto-add a firewall rule to permit
traffic through this NAT rule".
- Server NAT shows my 2nd WAN IP
- Inbound NAT entry shows TCP 80 HTTP, NAT Internal IP (ext.:2nd WAN IP) Int. port range 80 (HTTP) 
- Firewall WAN Rule: TCP, *, *, Internal IP 2nd Server, 80 HTTP

I also attempted to do 1:1 NAT, since this is what I had on my SonicWall. But, that also didn't
work. Can someone explain the purpose for adding a 2nd IP using either method. The docs don't really
say very much.

If we can figure this out, I'll happily write documentation on the process.