 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Inbound NAT Port for WAN being spread across too many IP address instead
 Date:  Tue, 17 Jul 2007 00:55:58 -0500
Well, found the answer to my own issue. It seems that a general Inbound 
NAT port rule automatically maps all IPs (not just m0n0wall WAN) when 
you create the rule. If you try to narrow it down to only the m0n0wall 
WAN with a firewall rule, it won't work. I finally ended up creating a 
Server NAT IP entry and using that to map that "specific" IP to the 
correct port/computer on the network. It's possible it's always been 
like this since who knows how many versions ago and because it still 
technically works, I never noticed. But it is nice to not have a half 
dozen static IPs all mapped to a single computer, so I'm glad I finally 
got that resolved. Hopefully this will aid anyone that encounters this, 
as by the lack of replies and nothing in the archives my situation was a 
little far from the normal setup :-)

When doing inbound NAT mappings, if you are not using 1:1 NAT or Server 
NAT, keep in mind that *all* of the IPs that m0n0wall is managing will 
map inbound instead of just the m0n0wall WAN IP.  It might be useful for 
someone if they wanted to map a bunch of static IPs (HTTP, SMTP, etc) to 
the same machine, but for me it's a feature I can live without ;-)