 
 From:  "Chris Mason (Lists)" <lists at masonc dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Rewrite packet source IP
 Date:  Wed, 15 Feb 2006 20:19:09 -0400
I have had a M0n0wall firewall protecting the network and acting as the
default gateway for some time and I love it; it's fantastic. But I want
to implement a different scenario and I am having some problems.
M0n0wall has a static internet IP on WAN1 of 200.00.00.01.
The LAN IP is 192.168.0.1.
The Squid proxy/web/email server at 192.168.200.2, which is eth0, has an
ADSL connection connected to eth1 with a public IP and a default gateway
from the ISP.
When a LAN computer accesses the Squid proxy, the browsing traffic is
filtered and, if allowed, goes out eth1. That works perfectly.

M0n0wall directs any HTTP traffic to 192.168.0.2 through a NAT rule:
<rule>
  <protocol>tcp</protocol>
  <external-port>80</external-port>
  <target>192.168.200.2</target>
  <local-port>80</local-port>
  <interface>wan</interface>
  <descr>HTTP to Loki</descr>
</rule>

However, the proxy server tries to route the traffic out the default 
gateway. I thought NAT would rewrite the packets so that the source 
looked like 192.168.0.1 and so send it back to the firewall. How can I 
make this happen?

-- 
Chris Mason
NetConcepts
(264) 497-5670 Fax: (264) 497-8463
Int:  (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271
Cell: 264-235-5670
Yahoo IM: netconcepts underscore anguilla at yahoo dot com 
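
An added example, not part of the original message, modelling the path described above: a port forward of this kind rewrites only the destination address, so the server answers the client's real source address through its own default route. The /24 prefix, the client address 198.51.100.7 and the firewall-side address 192.168.200.1 are assumptions, not values from the post.

```python
import ipaddress
from dataclasses import dataclass, replace

WAN_IP = "200.00.00.01"  # WAN address exactly as written in the post (compared as text)
FORWARD = {"external_port": 80, "target": "192.168.200.2", "local_port": 80}

# Server routing table. The /24 prefix is an assumption; the default route
# out eth1 (ADSL, ISP gateway) is the one the post describes.
SERVER_ROUTES = [
    (ipaddress.ip_network("192.168.200.0/24"), "eth0"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth1"),
]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def port_forward(pkt, rewrite_source_to=None):
    """Apply the inbound NAT rule: only the destination is rewritten.

    rewrite_source_to models the source rewrite the post hoped for; it is
    not something the quoted rule does.
    """
    if pkt.dst != WAN_IP or pkt.dport != FORWARD["external_port"]:
        return pkt
    out = replace(pkt, dst=FORWARD["target"], dport=FORWARD["local_port"])
    if rewrite_source_to is not None:
        out = replace(out, src=rewrite_source_to)
    return out

def egress(routes, dst):
    """Longest-prefix match: return the interface used to reach dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_interface(pkt_at_server):
    """The server replies to the source address it saw on the request."""
    return egress(SERVER_ROUTES, pkt_at_server.src)

if __name__ == "__main__":
    request = Packet(src="198.51.100.7", dst=WAN_IP, dport=80)  # constructed client
    seen = port_forward(request)
    print(seen, "-> reply leaves", reply_interface(seen))
    seen = port_forward(request, rewrite_source_to="192.168.200.1")  # assumed address
    print(seen, "-> reply leaves", reply_interface(seen))
```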

