 From:  Steve Yates <steve at teamITS dot com>
 To:  Steve Yates <steve at teamITS dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: Server NAT with multiple IPs allows too much traffic
 Date:  Thu, 12 Aug 2010 13:09:07 -0500
I wrote:
> Is the correct way to "solve" this to add the original IP to the Server NAT area,
> and update those NAT rules to use that IP instead of "interface address," or
> should I set a firewall rule to block traffic for port 25 on the second IP?

	I forged ahead, and I get "The WAN IP address may not be used in a Server NAT entry" so I guess
that's not the answer. Seems like a bug then, that "interface address" behaves the same as "all WAN
IP addresses" in NAT rules?

	I started to look at firewall rules to block the unwanted port redirections.  Unfortunately I'm not
sure that will work either.  The logged packet has a source of the remote IP, and the destination is
the LAN IP.  How would I set up a rule to block incoming traffic for just one WAN IP?