[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Hilton at QuarkAV dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall feature request
 Date:  Fri, 23 Jan 2004 16:20:38 +0100
Hilton Travis wrote:

> Yup - m0n0wall provides anti-spoofing (no internal IPs allowed to appear
> inbound on the WAN/OPT interfaces.  This is what causes the "I cannot
> get to my DMZ machines by their real-world addresses" issues that are
> easily overcome by editing the /etc/hosts mappings on m0n0wall.

Not quite - if it was just that, we could solve that problem in an 
elegant way. It's actually a restriction in ipnat. Read

http://m0n0.ch/wall/docs/book/view/27
and
http://coombs.anu.edu.au/~avalon/ipfilfaq.html#IV-8

for details.

- Manuel