Molle Bestefich wrote:
> James W. McKeand wrote:
>> When you say you have to enter two rules, are you referring to
>> having to add the NAT rule and the firewall rule?
> No, I was talking solely about the rulebase for the filter.
>> If so, without checking the "auto add firewall rule" when you create
>> the Inbound NAT rule, you are correct you will need to add a
>> firewall rule separately.
> I'm not sure what this "auto add firewall rule" you speak of is or
> should do.
> I'm using 1:1 NAT on /32 addresses on m0n0wall 1.22. I see no such
> option on the NAT overview page or in the NAT rule editor.

What I am referring to is when you create an Inbound NAT rule, at the
bottom of the form there is a checkbox to "auto add firewall rule". This
checkbox is empty by default. If you do not check it you have to add the
firewall rule manually. Firewall and NAT rules are handled separately on
m0n0wall. Remember, the NAT is handled first, so the destination of the
firewall rule is the internal IP.

Mail Server IP: 192.168.1.10
NAT rule for SMTP would be:
Source port range from: any
Type: Single host or alias
Destination port range from: SMTP
Log: Log packets that are handled by this rule if you want...
Description: Enter a description here for your reference (not parsed)
Substitute whatever service you are trying to provide (http/s, ftp,

In the case of 1:1 NAT, I believe you have to manually enter the
firewall rule (by default, the firewall rules do not allow any inbound
traffic to 1:1 NAT mappings). You may also need Proxy ARP.

James W. McKeand