I have monowall installed on a Soekris 4801.  It's configured with
two subnets.  I'm trying to set up NAT to expose one server that's
on one of the subnets, but I seem to have misconfigured something
along the way.

The setup looks like this


                                Netopia
                              DSL 'modem'
                              xx.yy.105.94
                           (255.255.255.248)
                                   |
                                   |
                            xx.yy.105.90/29
                            Soekris/Monowall
                                   |
                           /-------+---------\
                           |                 |
                          LAN              OPT1
                    192.168.1.1/24    192.168.2.1/24


The DSL is 'sticky static' PPPoE with 5 public IP addresses
(xx.yy.105.89 - xx.yy.105.94)

I'm trying to map 192.168.2.100 to xx.yy.105.91

I went to the Firewall: NAT: 1:1 setup page in monowall and entered the
following settings

  Interface:   WAN
  External IP: xx.yy.105.91/32
  Internal IP: 192.168.2.100/32

I also went to Firewall: Rules: OPT1 and entered the following

  Protocol:    TCP
  Source:      *
  Port:        *
  Destination: 192.168.2.100
  Port:        *

I wasn't able to get to the web server from the outside world, so I
configured a laptop with an IP address of xx.yy.105.92, plugged it into
the Netopia and still wasn't able to get to the web server.  (I can get
to the web server from either subnet using the 192.168.2.100 IP address)

Any suggestions for troubleshooting or reconfiguring would be
appreciated.

Thanks!

Thomas