 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Traffic shaping using NAT
 Date:  Fri, 16 Jul 2010 16:11:23 +0100

Steve Yates wrote:
> On 07/15/2010 01:48 PM, Steve Yates wrote:
>> Can traffic shaping work on LAN addresses?  
> I ran across FAQ 15.8 again: "Why can't hosts on a NATed interface
> talk to hosts on a bridged interface?" Does that still apply in 1.3?
> There is a scenario where we might need to communicate both
> directions to a host on the NAT interface, from the bridged/optional
> interface.
> Thanks for the quick responses so far.  We're trying to make these
> changes today :) when our Internet connection is changed over.

I believe so.  However, it's not normally such a show-stopper as you
might think!

The key thing to note is that a source that has been NATed can't talk to
a device on the bridged interface; however, activate advanced NAT and
ensure that the source isn't NATed when talking to those devices and
everything's perfectly happy.

I was running that very setup for a very long time and never had a
problem.  I now have a server in a datacentre so can't test it with 1.3
now (I did have other issues with 1.3 when I tested it before - rules
controlling access to/from devices on the bridged network sometimes had
to be applied on the WAN interface and sometimes on the bridged
interface.  It just wasn't predictable and would sometimes flip of its
own accord)!

Good luck,