I have noticed many times in the past the questions surrounding the
following scenario. Using PF or some other firewall, if you try to
access a NAT'ed service, usually a web server that you are hosting
behind the firewall, basically it fails, because the firewall will
not pass the request. Simply stated, the firewall does not support
"bouncing" (not a technical term) the request. Or, in other words, it
does not support going out, resolving the IP and allowing the request back in. I
recognize the entry in the manual
(http://doc.m0n0.ch/handbook/faq-lannat.html) on the DNS workaround.
I do have another kludge (http://en.wikipedia.org/wiki/Kludge) that
works just fine. It involves putting a Linksys router in front of the
m0n0wall; you can read more about it at http://www.pescitelli.com/.
This solution does have some added benefits, such as deploying a
physical port for SNORT that sees all the raw internet traffic without
having to delve into sniffing PPPoE traffic.
Your feedback would be appreciated.