 From:  "Marcel Wiget" <mwiget at gmail dot com>
 To:  "Yannick Bréhon" <y dot brehon at qiplay dot com>
 Cc:  "Manuel Kasper" <mk at neon1 dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall not respecting rules ?!?
 Date:  Wed, 23 Jul 2008 14:23:13 +0200

To get NAT service, you now need to add static outbound NAT rules on
the WAN interface so that traffic with source address from your LAN is
properly NAT'd while traffic from your box to the LAN isn't.

I use a setup with 3 interfaces: WAN, DMZ and LAN and have it set up
so that LAN traffic gets NAT'd thru WAN but not between LAN <-> DMZ.
In this case my static Outbound NAT rule is

interface: WAN
Source: 192.168.1.0/24 (my LAN subnet)
Destination: *
Target: *

hope this helps


> OK, we are starting to get some motion...
> I did what you suggested, and as far as allowing cross communication
> between LAN and WLAN, it worked! But of course now the problem is that I
> can't get on the Internet any more from behind the m0n0... (the entire
> problem comes from my DSL modem which is not a full-fledged router and
> cannot be given static routes, thus the need for m0n0 NATting when going
> outbound).
> Any further suggestions so as to get the same outcome *without* turning
> off NAT? In particular, I don't understand why incoming connections are
> let through, create a firewall state, but return packets are filtered
> (despite "all-pass" rules) ?!
>


>>
>>> OK here it is! Thanks to everyone who might help with this issue!
>>
>> Since it seems that you don't want NAT between LAN and WAN, you need to
>> check the "Enable advanced outbound NAT" option and not define any
>> outbound NAT rules (and remove the existing inbound NAT rules as well).
>> That will effectively cause m0n0wall to become a plain (firewalling)
>> router, with no NAT at all.
>>
>> - Manuel
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>