 From:  Paul Pescitelli <paul dot pescitelli at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Accessing NAT'ed Services behind Firewall
 Date:  Tue, 3 Jan 2006 11:43:18 -0500

Short Background:
I have noticed many times in the past the questions surrounding the
following scenario. Using PF or some other firewall, if you try to
access a NAT'ed service, usually a web server that you are hosting
behind the firewall, basically it fails, because the firewall will
not pass the request. Simply stated, the firewall does not support
"bouncing" (not a technical term) the request. Or in other words, it
does not support  out, resolve the IP and allow the request back in. I
recognize the entry in the manual
(http://doc.m0n0.ch/handbook/faq-lannat.html) on the DNS workaround.

I do have another kludge (http://en.wikipedia.org/wiki/Kludge) that
works just fine. It involves putting a Linksys router in front of the
m0n0wall; you can read more about it at http://www.pescitelli.com/.

This solution does have some added benefits, such as deploying a
physical port for SNORT that sees all the raw internet traffic without
having to delve into sniffing PPPoE traffic.

Your feedback would be appreciated.

Paul Pescitelli