[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  fisch <fisch at conne dash island dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] portforwarding
 Date:  Thu, 22 Jan 2004 17:24:28 +0100
On 22.01.2004, at 16:57, fisch wrote:

> it doesn't work :(
>
> a) NAT 1:1 (external IP= 16.12.1.3 internal IP= 192.168.11.3)
>
> b) Rules
> ACTION: pass
> INTERFACE: WAN
> PROTOCOL: TCP
> SOURCE: any
> SOURCE-PORT: HTTP

BEEEP! You cannot assume that the source port for incoming HTTP 
connections is 80 - in fact it almost never is. Instead, it's some 
random high-numbered port chosen by the client, so you have to use 
"any" for the source port.

> DESTINATION: single Host (192.168.11.3)
> DESTINATION-PORT: HTTP

That's OK.

- Manuel