[ previous ] [ next ] [ threads ]
 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Steve Young <sdy at CBORD dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Advanced "inbound" NAT
 Date:  Sat, 20 Jan 2007 16:56:13 -0500
Steve Young wrote:
> I am trying to determine if I can configure M0n0Wall to masquerade
> inbound packets to the LAN IP address. In my particular case, the reason
> is that the M0n0wall is NOT the default gateway for the internal server
> I created the inbound NAT rule for. 
> I have tried a couple of 'obvious' tricks by manually editing the XML
> configuration file to no avail:
> - adding a <target><target/> to the inbound NAT rule
> - creating an advanced outbound rule substituting: "lan" for the
> interface field and the proper IP address for target as well as source
> and destination.
> I haven't had much luck Googling this particular topic, but I truly
> don't consider this an "exotic" configuration.
> Since I am in the process of being "dumped" by someone, I'll probably
> have lots of time to hack at this, but I was hoping someone could either
> point me in the right direction or let me know that I'm way off base and
> that what I am trying to do doesn't make sense.
> Thanks for your consideration,
> Steve

I have a server in my network that is behind a 2nd router on my 
network.  Our primary/edge firewall is m0n0wall.  I simply 1:1 natted 
one of our public IPs to the servers internal IP, even though it is not 
on the same network as the LAN port of the m0n0wall.  That, combined 
with the static route in the m0n0wall to the 2nd network allows me 
access to that server from the outside world.  Be advised that you must 
allow that traffic through on the internal (2nd) router also.  Since my 
internal router is strictly a router, no firewall, that detail was a 
non-issue to me.  However, if you are using another firewall internally, 
you will need to make sure the traffic is allowed there also.  HTH