[ previous ] [ next ] [ threads ]
 
 From:  "Kristian Shaw" <monowall at wealdclose dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: {Spam?} [m0n0wall] Using multiple Ip's on WAN port (Server NAT)
 Date:  Fri, 22 Feb 2008 19:22:18 -0000
Hello,

It looks like you should be using 1:1 NAT, if you would like assign public 
addresses to machines behind the firewall with private addresses.

Kris.

----- Original Message ----- 
From: "Roland Giesler" <roland at thegreentree dot za dot net>
To: "monowall" <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, February 22, 2008 4:44 PM
Subject: {Spam?} [m0n0wall] Using multiple Ip's on WAN port (Server NAT)


> Hi all,
>
> I'm sure this was working before (on other client sites), but I cannot
> get this going again.
>
> All I want to do is add a subnet (/29) to the WAN port so I can use
> all the addresses that my ISP gives me.
>
> I have allowed ICMP traffic to all these addresses with a rule.
>
> ICMP * * x.x.193.200/29 *
>
> And I have added a server NAT entry
>
> External IP address Description
>
> x.x.193.203
>
> In my fw log I see
>
> OK   18:36:47.202983  WAN  88.198.39.133  x.x.193.203, type echo/0  ICMP
>
> and it has a green arrow showing the traffic was allowed.
>
> Yet the site I ping from says:
>
> PING x.x.193.203 (41.206.193.203) 56(84) bytes of data.
> From x.x.193.202: icmp_seq=3 Destination Host Unreachable
> From x.x.193.202 icmp_seq=3 Destination Host Unreachable
> From x.x.193.202 icmp_seq=4 Destination Host Unreachable
>
> --- 41.206.193.203 ping statistics ---
> 4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 
> 2998ms
>
> The address that replies with the "destination host Unreachable" is
> the WAN port IP.
>
> Why is this happening?  It worked perfectly before at other sites, but
> I can't find the error here.
>
> This should not be difficult, or should it?
>
> regards
>
> -- 
> Roland Giesler
> Green Tree Systems cc, Stellenbosch, South Africa
> Mobile: 072-450-2817 http://www.thegreentree.za.net
>
> Shop online at http://www.digitalplanet.co.za/?AID=497
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>