Molle Bestefich wrote:
>> Yes it does - now you'd only have to add the traffic shaper as an
>> additional shell between the filter and the kernel, and you'd have a
>> nice and simple diagram that illustrates what happens to packets as
>> they pass in or out of m0n0wall's WAN interface.
> It mentions nothing about the WAN or indeed any other interface, which
> makes it a bad representation of the very interface-centric NAT
> processing in m0n0wall.
> The kernel IP router, a major component, is missing from the diagram.
> All in all, I retain that it's a very simplistic diagram which does
> nothing to explain how things work in m0n0wall, beyond the extreme
Replacing Inbound with "WAN" and Outbound with "WAN" on the diagram will
give you the representation needed for m0n0wall. You just could replace
the directions with any interface of m0n0wall.
m0n0wall simplifies the work to bring NAT in place by restricting
configuration to the WAN interface just because people will need it
there 99% of the time. Also this helps to do some NAT automatically,
like outbound NAT for all connected LAN or other networks.
The underlying component IP NAT (which is a function in IP Filter) is
able to do NAT on _every_ interface. This is not often needed and can be
more confusing than it can help.
See here for more info of the NAT in m0n0wall: