I would like to put this in as a request for a future enhancement.  I  
had the need for essentially the same thing.

I was trying to IPSEC to another network and unfortunately my  
internal IP address scope was already in use on the remote network by  
another IPSEC client on their network.  If I could have easily NAT'd  
my internal IP at the m0n0wall for whatever private IP I wanted, it  
would have been so easy.  Cisco Pix routers allow this from what I've  
heard, but I've never used a PIX so I can't confirm this.

It's not really a good practice to assume that establishing an IPSEC  
to a remote network will work with existing Network addresses on  
either network, so being able to NAT on one side or the other would  
be a great feature.

Hopefully I've explained this adequately.  If not ask questions.  If  
I have, have a great day!

Jimmy


On Apr 23, 2007, at 3:56 PM, Chris Buechler wrote:

On 4/23/07, Marty Nelson <MNelson at transdyn dot com> wrote:
>
> I need to create a tunnel to a remote network that is currently using
> part of our address range (192.168.0.x), but not our DMZ address range
> (10.100.0.x).  Is it possible with Monowall to create a rule that  
> sends
> all traffic destined to the 192.168.75 and .71 networks through a  
> NAT'd
> 10.100.2. address, and then be able to route it back to us from them?
>

Not possible with a single machine.

-Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch