 From:  Ryan Mullins <rmullins at ciscomonkey dot net>
 To:  David Kitchens <spider at webweaver dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Feature Request
 Date:  Fri, 5 Jan 2007 08:28:03 -0600

You could add a Firewall rule for both networks.  Then you would still only have to change
the NAT rule.

If your networks are somewhat close, e.g. 192.168.1.0/24 and 192.168.4.0/24, you could just
change the firewall rule to be 192.168.0.0/16.

-Ryan

* David Kitchens <spider at webweaver dot com> [2007-01-05 01:51:57]:

> I admit I hadn't thought of that! The only problem I have with it is that my
> server is on a VLAN different than my workstation so I will have to continue
> to edit both rules. :( I think I may have to upgrade to a 4801 since the gui
> performance is much slower now but on 1.3b2 I get faster thruput so I can
> wait for gui issues, lol.
> 
> Dave
> 
> > -----Original Message-----
> > From: Ryan Mullins [mailto:rmullins at ciscomonkey dot net] 
> > Sent: Thursday, January 04, 2007 6:37 PM
> > To: David Kitchens
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Feature Request
> > 
> > I do this same situation a lot.  What I've done is just change the
> > firewall rule to allow 3389 to my network (eg. 192.168.1.0/24) instead
> > of just the host.  That way I only have to change the NAT rule to point
> > to the other server address.
> > 
> > -Ryan
> > 
> > * David Kitchens <spider at webweaver dot com> [2007-01-04 18:32:12]:
> > 
> > > Point taken, I hadn't thought of tweaking just the firewall rule but
> > > in most cases I have run into, the two rules are meant to be together.
> > > All I was hoping for was a checkbox option like we have on the NAT
> > > page that would update the other rule if the user wanted to. It
> > > doesn't have to be a mandatory thing, but most of the time I have
> > > needed to edit both. Example for my situation is port 3389, 99% of the
> > > time, I have it set to my workstation so I can get to it remotely,
> > > here and there I need to let someone use Terminal Services to get to
> > > my W2K3 server and I have to change the rules. I am not a programmer
> > > so I didn't know if this could be done but figured I would throw it
> > > out to the list and see. Having a drop menu for aliases seems like it
> > > should be fairly simple, that's more cosmetic than anything else.
> > > 
> > > Dave
> > > 
> > > > -----Original Message-----
> > > > From: Neil A. Hillard [mailto:m0n0 at dana dot org dot uk]
> > > > Sent: Thursday, January 04, 2007 3:41 PM
> > > > To: m0n0wall at lists dot m0n0 dot ch
> > > > Subject: Re: [m0n0wall] Feature Request
> > > > 
> > > > Hi,
> > > > 
> > > > In message <459D622B dot 6090906 at gmx dot de>, Carsten Holbach 
> > > > <Carsten dot Holbach at gmx dot de> writes
> > > > >I support this feature request!
> > > > >
> > > > >David Kitchens wrote:
> > > > >> While I love the "Auto-add a firewall rule" option in NAT, I find it
> > > > >> odd that when I want to edit a NAT rule, this feature is not there.
> > > > >> It seems like it should be able to change to "Update the firewall
> > > > >> rule" when you Edit a NAT setting. Currently, if I want to edit a NAT
> > > > >> rule, I also have to edit the firewall rule. Would this be possible to do?
> > > > >>   Second thought, since we have the blue fields for Aliases,
> > > > >> could the fields be drop down lists of available aliases? Not a major issue
> > > > >> but a thought since I am editing rules right at the moment.
> > > > >>   Also, a quick report on a production Net 4511 upgrade to 1.3b2:
> > > > >>   Upgrade was painless, everything worked that I use. Web and
> > > > >> mail services working to two servers, VLANs working, VPN's to
> > > > >> several clients work fine, (all connected to M0n0wall 1.22). My
> > > > >> mini-pci wireless B is more stable now than it was under 4.11, it used to stop
> > > > >> working now and then.. The webgui is slightly slower than it was but
> > > > >> a 4511 is only a 133mhz so I expected that and can deal with it.
> > > > >> Overall, a fine piece of work and a painless upgrade as usual
> > > > >> with M0n0wall!
> > > > 
> > > > I can see how it could be useful but I don't think it is that easy
> > > > to implement.  The two tables are completely separate so some form
> > > > of link between the two would need to be maintained.
> > > > 
> > > > What happens when you've 'tweaked' the firewall rule?  Would the
> > > > link be severed or would the NAT rule update overwrite the firewall
> > > > rule changes?
> > > > 
> > > > When adding a rule it's a bit of a no-brainer but maintaining from
> > > > then on wouldn't be particularly easy... unless I've missed
> > > > something obvious!
> > > > 
> > > > My 2p worth!
> > > > 
> > > > ATB,
> > > > 
> > > > 
> > > >                                 Neil.
> > > > 
> > > > -- 
> > > > Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
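
Added illustration, not part of any message in this thread and not m0n0wall code: a small model of the trade-off discussed above, showing which NAT retargets each firewall-rule scope permits and how many internal addresses that scope pre-approves for port 3389. The host addresses and the rule model are constructed assumptions; as in the thread, the firewall rule is matched against the internal (translated) target.

```python
import ipaddress

def exposed(nat_forwards, pass_rules):
    """(target, port) pairs reachable from WAN: a NAT forward only works
    when a pass rule covers its translated (internal) target and port."""
    hits = set()
    for target, port in nat_forwards:
        addr = ipaddress.ip_address(target)
        for net, rule_port in pass_rules:
            if rule_port == port and addr in ipaddress.ip_network(net):
                hits.add((target, port))
    return sorted(hits)

def preapproved(pass_rules, port):
    """Number of internal addresses a future NAT forward on `port` could
    target without any firewall rule change (overlapping rules collapsed)."""
    nets = [ipaddress.ip_network(n) for n, p in pass_rules if p == port]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

# Constructed addresses: workstation and server on different VLANs.
WORKSTATION, SERVER = "192.168.1.10", "192.168.4.20"
RULESETS = {
    "host only":  [("192.168.1.10/32", 3389)],
    "one /24":    [("192.168.1.0/24", 3389)],
    "both /24s":  [("192.168.1.0/24", 3389), ("192.168.4.0/24", 3389)],
    "single /16": [("192.168.0.0/16", 3389)],
}

def report():
    """Per ruleset: (workstation forward works, server forward works,
    addresses pre-approved for 3389)."""
    rows = {}
    for name, rules in RULESETS.items():
        rows[name] = (
            bool(exposed([(WORKSTATION, 3389)], rules)),
            bool(exposed([(SERVER, 3389)], rules)),
            preapproved(rules, 3389),
        )
    return rows

if __name__ == "__main__":
    for name, (ws, srv, n) in report().items():
        print(f"{name:11} workstation={ws} server={srv} preapproved={n}")
```

Both the two-rule and the /16 variants let the NAT target move between VLANs without a firewall edit; the difference is how many other internal addresses are already allowed if a forward is ever pointed at them.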