[ previous ] [ next ] [ threads ]
 
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: Can't NAT on m0n0wall.
 Date:  Wed, 21 Jun 2006 07:56:52 -0500
Molle Bestefich wrote:

>> If I understand U here right U mean that the
>> firewall filter is not suppose to work that way.
> 
> Not exactly.  I think the filter works as it's supposed to.
> 
> I think there's a flaw somewhere.  Currently, IMXP, the user has to
> enter 2 rules in the rulebase every time (s)he wishes to tell the
> firewall about something that's actually conceptually only a single
> rule.  But only if the rule pertains to a NATed host or network.
> 
> Could be because:
>  a) m0n0wall should autogenerate one of the rules, but it's broken in
>  my setup b) m0n0wall is broken wrt. when and how traffic is passed
> between NAT 
> and the filter
>  c) that's a specific feature of m0n0wall
> 
> I don't know which, since I'm not a m0n0wall expert.
> Maybe it's a) and my personal setup is broken, but my current personal
> impression is that it's b), of course :-).
> 
>> If I am to enter the rules twice one for translated address
>> and one for untranslated address then this is not right.
> 
> Try if it works anyway.

I have been using m0n0wall for a while. I have never had to enter two rules in the way you describe.
I believe reason a) is to blame. I have always just entered a rule on the Inbound NAT page and
checked the "auto add firewall rule" box. 

When you say you have to enter two rules, are you referring to having to add the NAT rule and the
firewall rule? If so, without checking the "auto add firewall rule" when you create the Inbound NAT
rule, you are correct you will need to add a firewall rule separately.

_________________________________
James W. McKeand