All,

Short Background: I have noticed many times in the past the questions surrounding the following scenario. Using PF or some other firewall, if you try to access a NAT'ed service, usually a web server that you are hosting behind the firewall, basically it fails, because the firewall will not pass the request. Simply stated, the firewall does not support "bouncing" (not a technical term) the request. Or in other words, it does not support out, resolve the IP and allow the request back in.

I recognize the entry in the manual (http://doc.m0n0.ch/handbook/faq-lannat.html) on the DNS workaround. I do have another kludge (http://en.wikipedia.org/wiki/Kludge) that works just fine. It involves putting a Linksys router in front of the m0n0wall; you can read more about it at http://www.pescitelli.com/.

This solution does have some added benefits, such as deploying a physical port for SNORT that sees all the raw internet traffic without having to delve into sniffing PPPoE traffic.

Your feedback would be appreciated.

--
regards,
Paul Pescitelli