 From:  Terry Yim <tallnthin17 at yahoo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  NAT between OPT1 and LAN
 Date:  Thu, 11 Nov 2010 11:48:15 -0800 (PST)
Hi all,

A newbie here in m0n0wall with a question on NAT-ting between LAN and OPT1.

WAN:  Public IP from ISP
LAN:  10.31.0.10/24
OPT1:  10.79.0.1/24

NAT Rules:
I have a user on OPT1 (10.79.0.10) that needs to access 3 printers inside the LAN
(10.31.0.40-10.31.0.42).  I have created 3 NAT rules on the OPT1 interface (10.79.0.40 -> 10.31.0.40
and so on) with proxy ARP on all those IPs.

Firewall Rules:
On my LAN interface, it has the default allow any rules.

On my OPT1 interface, I have 5 rules:
#1: Deny TCP traffic to port 443 to 10.79.0.1 (block access to m0n0wall)
#2: Allow all traffic from OPT1 subnet to 10.31.0.40 (printing access)
#3: Allow all traffic from OPT1 subnet to 10.31.0.41 (printing access)
#4: Allow all traffic from OPT1 subnet to 10.31.0.42 (printing access)
#5: Allow OPT1 subnet to go to all other interfaces except LAN

With that, computer 10.79.0.10 will print when data is sent to 10.79.0.40/.41/.42.  However,
Internet access will work intermittently.

I checked the Firewall state and see 10.79.0.10 attempting to go out to the web, say google, it only
generates < 10 packets, while a working computer in the LAN will have > 30 packets.

Questions:
1) Where can I dig for more information regarding how the packet goes?
2) Can m0n0wall even handle what I am trying to do?

Sorry if this has been discussed before; any help on this matter would really be appreciated, I am
lost at this stage.

Thanks again.

-Terry