Re: [m0n0wall] Using multiple Ip's on WAN port (Server NAT)

From:	"Chris Buechler" <cbuechler at gmail dot com>
Cc:	monowall <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Using multiple Ip's on WAN port (Server NAT)
Date:	Tue, 26 Feb 2008 22:14:34 -0500

On Tue, Feb 26, 2008 at 6:04 AM, Roland Giesler
<roland at thegreentree dot za dot net> wrote:
>
>  Help me if I understand this wrongly please:  If I have added a Server
>  NAT address x.x.193.203 and I set up an inbound NAT rule that forwards
>  traffic for port 443 to a webserver (for example), and I have a rule
>  on by WAN port that allows traffic on port 443 destined to the machine
>  I'm forwarding the traffic to, then I should be able to reach that
>  machine for the internet, not so?
>

Yes.


>  I just went and tested it again, and guess what?  https://x.x.193.203
>  to the test site works fine.  However, pinging the site does not,
>  although I have a rule that allows pings and a NAT that forwards pings
>  to the same server.
>

You can only ping NATed hosts if using 1:1 NAT. You're opening TCP
port 443, which is unrelated to ICMP echoes (ping). You can't forward
ICMP in Server or Inbound NAT, only 1:1.

-Chris