 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Inbound NAT WAN or OPT1 when bridged together?
 Date:  Sun, 3 Dec 2006 00:11:53 -0500
On 12/2/06, Michael <zlinda1002 at cox dot net> wrote:
> Guys, I have bridged my opt1 with wan. When enabling filtered bridge option
> (which I should) do I use the tab for WAN or OPT1 concerning INBOUND NAT?
> Which firewall tab, WAN or OPT1? Being as the interface is bridged then it
> acts as one with WAN, correct?

You don't need NAT with the interface bridged in that fashion - your
system will get a public IP from your ISP's DHCP server (note that I
know this because of some off-list discussion with Michael earlier).

Which interface to put the rules on depends on whether you want to
filter traffic coming into the WAN interface, or coming into the OPT
interface.  You probably want to permit all on OPT, maybe except to
your LAN subnet (though it shouldn't be able to reach your LAN subnet
regardless of what rules you put on OPT because your network sees it
from the outside, as it would any other Internet host).

On the WAN, you need to permit the ports you need, source any,
destination any.  Since you don't know what your bridged PC's IP
address is going to be, and it will likely change somewhat regularly,
you'll have to use destination any.  That's no big deal though,
because you're already permitting those ports on your m0n0wall WAN IP,
which means you already are permitting it to any ("any" just being
your two public IPs).

Hope that made sense and I didn't lose you there.  :)