 From:  "Mark Spieth" <mspieth at neod dot net>
 To:  "fisch" <fisch at conne dash island dot de>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] portforwarding
 Date:  Thu, 22 Jan 2004 11:27:35 -0500
I totally missed that. You're correct, your source will almost always be
above 1024 on the client side.

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net] 
Sent: Thursday, January 22, 2004 11:24 AM
To: fisch
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] portforwarding

On 22.01.2004, at 16:57, fisch wrote:

> it doesn't work :(
>
> a) NAT 1:1 (external IP= 16.12.1.3 internal IP= 192.168.11.3)
>
> b) Rules
> ACTION: pass
> INTERFACE: WAN
> PROTOCOL: TCP
> SOURCE: any
> SOURCE-PORT: HTTP

BEEEP! You cannot assume that the source port for incoming HTTP 
connections is 80 - in fact it almost never is. Instead, it's some 
random high-numbered port chosen by the client, so you have to use 
"any" for the source port.

> DESTINATION: single Host (192.168.11.3)
> DESTINATION-PORT: HTTP

That's OK.

- Manuel


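
The rule mismatch discussed in this thread, as an added example that is not part of the original messages: a small first-match rule evaluator in Python compares the rule as posted (source port HTTP) with the corrected one (source port any), and a loopback connection shows the source port a client actually picks. The `Rule` class, `filter_packet`, `client_source_port` and the default-block behaviour are assumptions made for illustration, not m0n0wall code.

```python
import socket
from dataclasses import dataclass
from typing import Optional

HTTP = 80
WEB_SERVER = "192.168.11.3"  # internal IP from the 1:1 NAT mapping in the thread


@dataclass(frozen=True)
class Rule:
    """One pass rule (hypothetical model); None means "any" for a port field."""
    proto: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]

    def matches(self, proto, src_port, dst_ip, dst_port):
        return (proto == self.proto
                and self.src_port in (None, src_port)
                and dst_ip == self.dst_ip
                and self.dst_port in (None, dst_port))


def filter_packet(rules, proto, src_port, dst_ip, dst_port):
    """First matching pass rule wins; anything unmatched is blocked (assumed default)."""
    for rule in rules:
        if rule.matches(proto, src_port, dst_ip, dst_port):
            return "pass"
    return "block"


# The rule as posted (SOURCE-PORT: HTTP) and as corrected (source port "any").
POSTED = Rule("TCP", HTTP, WEB_SERVER, HTTP)
CORRECTED = Rule("TCP", None, WEB_SERVER, HTTP)


def client_source_port():
    """Make a real loopback TCP connection; return (client source port, server port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free listening port
        srv.listen(1)
        with socket.create_connection(srv.getsockname()) as cli:
            return cli.getsockname()[1], srv.getsockname()[1]


if __name__ == "__main__":
    sport, _ = client_source_port()
    print("source port chosen by the client:", sport)
    for name, rule in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, "->", filter_packet([rule], "TCP", sport, WEB_SERVER, HTTP))
```
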