Re: [m0n0wall] m0n0wall feature request

From:	Manuel Kasper <mk at neon1 dot net>
To:	Hilton at QuarkAV dot com
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] m0n0wall feature request
Date:	Fri, 23 Jan 2004 16:20:38 +0100

Hilton Travis wrote:

> Yup - m0n0wall provides anti-spoofing (no internal IPs allowed to appear
> inbound on the WAN/OPT interfaces.  This is what causes the "I cannot
> get to my DMZ machines by their real-world addresses" issues that are
> easily overcome by editing the /etc/hosts mappings on m0n0wall.

Not quite - if it was just that, we could solve that problem in an 
elegant way. It's actually a restriction in ipnat. Read

http://m0n0.ch/wall/docs/book/view/27
and
http://coombs.anu.edu.au/~avalon/ipfilfaq.html#IV-8

for details.

- Manuel