I use many m0n0wall features with great success...
There is an interesting behavior that I would like to understand better.
I have a business cable modem with 3 static IPs on the WAN. One is
the default WAN IP, the second is a Server NAT and the third is 1:1
NAT. All working like a charm.
If I do a Unix traceroute from the LAN (Outbound NAT uses default WAN
IP), without adding any rules, the return ICMP path is allowed and
the traceroute works.
If I do a traceroute from a different subnet and Outbound NAT uses
the default WAN IP, traceroute works. But, if I change the Outbound
NAT to use the Server NAT IP, the traceroute fails.
Another data point: if I perform a traceroute from the internal 1:1
NAT'ed machine the traceroute always fails, even if I allow all
inbound/outbound in the rules for that internal machine.
If I use "traceroute -I", same results.
Is this behavior expected? If so, can someone explain why?