 From:  dave <dave at rodrig dot com>
 To:  Hilton Travis <Hilton at QuarkAV dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Custom RDR NAT rules: How to add?
 Date:  Sun, 15 Feb 2004 23:54:49 -0500
On Mon, Feb 16, 2004 at 02:06:00PM +1000, Hilton Travis wrote:
> Hi Dave,
> On Mon, 2004-02-16 at 12:11, dave wrote:
> > Now my question:
> > 
> > We all know about the DNS overrides that need to be in place in order 
> > for LAN hosts to be able to access DMZ hosts by hostname. On OpenBSD, I 
> > overcame this problem with RDR NAT rules which said basically:
> > 
> > rdr xl0 <public ip address> port 80 -> port 80 tcp
> > 
> > Where xl0 is my LAN interface and the public ip address is whatever 
> > dmz.host.com resolves to. This worked beautifully.
> > 
> > How would I go about adding a similar rule using exec.php?? Is it 
> > possible?
> Using the features available in the webGUI, go to the "DNS Forwarder"
> page, and down the bottom you'll see the "overrides" section.
> Add an entry such as:
> Host	Domain		IP		Description
> Virgil	example.com	Virgil (in the DMZ)

Yes, I know about the DNS overrides, that's how I started my post. :-)

> > Also, is there a chance we might someday see a checkmark in the webgui 
> > along the lines of "Add Server/1:1 NAT RDR rules from LAN" to accomplish 
> > the same thing?
> The functionality you need - DNS overrides for DMZ machines - is already
> in the webGUI.

No, this is not the same thing. The DNS forwarder override causes m0n0wall to return a DMZ address
the requested hostname. Once set up correctly, if I type www.rodrig.com, it will be *resolved* to a
address. What I'm talking about is a bit different. I want name resolution to happen normally,
resolves to (an external address), and packets are sent to that address. Once those
hit m0n0wall, they'd then be *redirected* (ipnat) to If this happens, the DNS
overrides are unnecessary. 

I much prefer this solution because I host 4 domains on the server in my dmz, and within each domain
have several subdomains (i.e. pics.rodrig.com, dave.rodrig.com, etc.). Using the overrides means I
to enter each of these manually, but with only the one RDR rule all of these are taken care of,
they all resolve to the same address. 

I realize this would be of limited use to most people, since the overrides already address this as
would apply in most situations. This isn't a feature request, the webgui comment was an
afterthought. If I can take care of this by adding a RDR rule using exec.php, that'd be great.