On 4/30/06, Mike Ansell <mike dot ansell at norrcom dot com> wrote:
> I have no inbound/outbound/server/1:1 nat rules. I haven't ticked the
> 'Enable Advanced Outbound NAT' box. (no vpn works when this is ticked)
Here's your problem. You're still NAT'ing, because you haven't
checked that enable advanced outbound NAT box. It stopped working
when you did that most likely because you're missing a static route on
your Windows server, or the router for that subnet if there is some
other router there (that wasn't clear to me in the diagram).
On your Windows server, open up a command prompt and run:
route add 172.16.3.0 255.255.255.0 192.168.103.2 -p
The -p makes it persistent, i.e. it will survive a reboot.
Then, enable advanced outbound NAT on m0n0wall, and everything will be
routing and will work properly. You may need additional static routes
on any other firewalls or routers, instead of, or in addition to, what
you put on the server.
On your firewall rules, you shouldn't need any rules on your WAN
(firewall state table will let everything back through) unless you
need to be able to initiate connections from your network to the
wireless clients. On the LAN rules, you shouldn't need UDP 500 or
1701, unless Windows server PPTP uses those for some reason.
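As an added example (not part of the list message, and not m0n0wall or Windows code), a small Python check for a `route add <dest> <mask> <gateway>` line like the one above: it confirms the destination is a real network address under its mask (Windows refuses a route with host bits set), that the next hop is on-link, and that the route does not overlap the server's own subnet. The server address 192.168.103.10/24 is an assumption; only the gateway 192.168.103.2 appears in the message.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Assumed server interface; the message only names the gateway 192.168.103.2.
SERVER_IFACE = "192.168.103.10/24"


def check_static_route(dest, mask, gateway, server_iface=SERVER_IFACE):
    """Return a list of problems with a Windows static route; [] means it looks sane."""
    problems = []

    # 1. Destination must be a network address under the mask. Windows rejects
    #    "route add" when host bits are set ("The parameter is incorrect").
    try:
        net = ip_network(f"{dest}/{mask}", strict=True)
    except ValueError:
        net = ip_network(f"{dest}/{mask}", strict=False)
        problems.append(
            f"{dest}/{mask} is not a network address; "
            f"did you mean {net} or a narrower mask?"
        )

    # 2. The next hop must be reachable on-link, i.e. inside the server's subnet,
    #    otherwise the route is installed but traffic never leaves the box.
    iface = ip_interface(server_iface)
    if ip_address(gateway) not in iface.network:
        problems.append(
            f"gateway {gateway} is not on the server's subnet {iface.network}"
        )

    # 3. A route that overlaps the local subnet would pull LAN traffic toward
    #    the gateway; flag it rather than blackhole the server.
    if net.overlaps(iface.network):
        problems.append(f"route {net} overlaps local subnet {iface.network}")

    return problems


def windows_route_cmd(dest, mask, gateway):
    """Render the persistent (-p) form of the route command for the server."""
    return f"route add {dest} {mask} {gateway} -p"


if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.0"):
        issues = check_static_route("172.16.3.0", mask, "192.168.103.2")
        print(windows_route_cmd("172.16.3.0", mask, "192.168.103.2"),
              "->", issues or "ok")
```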