Alex M wrote:
> Yes sure blocking everything is most secure but not always right choice.
>
> Well ok let's assume your solution? But what DNS has to do with IP address?
> Also I would prefer if mono could have this functionality built in and that
> if someone needs it like me so we can enable it... so maybe there is a
> trick to make it happen with mono box by itself?

It's not about "blocking everything" (even though that *is* a good thing), it's a limitation in ipfilter. The "trick" is to do it via DNS, if m0n0wall is your DNS server; otherwise, as the m0n0 docs state, it's not possible:

http://doc.m0n0.ch/handbook/faq-lannat.html

As I said (and the doc says), it's not exactly a m0n0wall issue, it's an ipfilter/ipnat issue, see here:

http://www.phildev.net/ipf/IPFprob.html#prob8

If you are set on not using a DNS server for this, put the web server on a different interface and create a DMZ - makes more sense, anyways, so your LAN has no entry point from the outside. That's how a network with externally available services and a LAN should be set up, regardless.

Sven