 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Using multiple Ip's on WAN port (Server NAT)
 Date:  Tue, 26 Feb 2008 22:14:34 -0500
On Tue, Feb 26, 2008 at 6:04 AM, Roland Giesler
<roland at thegreentree dot za dot net> wrote:
>  Help me if I understand this wrongly please:  If I have added a Server
>  NAT address x.x.193.203 and I set up an inbound NAT rule that forwards
>  traffic for port 443 to a webserver (for example), and I have a rule
>  on my WAN port that allows traffic on port 443 destined to the machine
>  I'm forwarding the traffic to, then I should be able to reach that
>  machine from the internet, not so?


>  I just went and tested it again, and guess what?  https://x.x.193.203
>  to the test site works fine.  However, pinging the site does not,
>  although I have a rule that allows pings and a NAT that forwards pings
>  to the same server.

You can only ping NATed hosts if using 1:1 NAT. You're opening TCP
port 443, which is unrelated to ICMP echoes (ping). You can't forward
ICMP in Server or Inbound NAT, only 1:1.