Bob Young wrote:
> I had several follow-up questions if I may. I put the >> marks next to what
> you said earlier. Hope I did it right.
This could make it tougher to follow now, but we will try.
>> I have also been trying to set up remote access on my M0n0wall, using
>> Dyndns like you do.
As a side note, dyndns has recently done something I find fundamentally
wrong. I may be switching. Frustrating as I have liked there service
for a while now. Watch the space for more to come.
> When you say "ssl", I assume you mean https, since I read that https uses
> I see I need to pick "https" in the System: General Setup page?
Sloppy on my part. They are not really the same, but are often used
interchangeably. When you pick https: it will use ssl on port 443.
However, you can set a different port for http or https.
> When you say "strong password", I assume you mean a complicated password for
> logging into M0n0wall?
> That's nice to know I only have to set up rules in Firewall: Rules: WAN
To get into the firewall, yes.
> If I would have picked "http" on the System: General Setup page, then would
> I be going through Port 80 by default?
> I understand https is better, since it encrypts the data that is sent. So
> if I choose "https" (which I probably will), I understand that I will have
> to go to Firewall: Rules, to put in 443 as the port?
> Since I'm using Dyndns, is this what I would type into my IE address window
> to remote into my M0n0wall?:
> https://username.dyndns.org ? I understand this whole thing is called my
> "host name".
> Assuming I'm going to use https (port 443) to remote into my M0n0wall, I'll
> try to give you what I think I might need to use. By the way my ISP hands
> out dynamic IP addresses.
> First I would go to: Firewall: Rules . Click on the WAN tab. Click on the
> "+" sign, to add a new rule. Be sure to pick the "WAN" interface, and click
> on "Pass".
> Protocol Source Port Destination Port
> Pass TCP ???? Any ???? 443 See
> next few lines for description
TCP * * WAN address 43 (HTTPS) Allow Remote Admin
> On the WAN interface Pass:
> "TCP" incoming Protocol, coming from ???? Source, using "any" Port,
> GOING TO:
> ???? Destination, on HTTPS (port 443).
> I don't know what to use for Source and Destination.
Source is any / any. Destination is WAN address / 443.
> I'm thinking for destination I should use x.x.x.0/24 (with x.x.x being the
> first three dynamic IP numbers of my ISP). I assume the subnet mask is
> 255.255.255.0. Since it's dhcp, my ISP didn't need to tell me.
Overkill. m0n0wall knows what it's IP address is.
>>From what you say, it looks like Dyndns only allows me to get into my
> M0n0wall, and not to my AP or CPEs, which are connected to my AP.without
> doing something that you called "inbound NAT".
Dyndns gice you your external IP. m0n0wall can forward you to your ap's
or allow vpn or whatever.
>>From what you are saying it looks like I should go to.
> Firewall: NAT: Inbound to set up the NAT rules that you speak of?
This is slightly more complex, and can be in a new thread. :)