> For remote control purposes, the latest version introduced "tunnels"
> where the remote makes a UDP connection to our system and uses that
> for VNC. For comparison, they suggest turning off "Enable SIP
> Helper" in Untangle, and on Sonicwall check "Enable Consistent NAT."

This sounds like your application uses UDP hole punching. UDP/TCP hole
punching requires that the port mapped by the NAT is predictable by
the software doing the punching. A brief look at some documentation on
Sonicwall's "Enable Consistent NAT" indicates this is what it does, by
hashing the source port to create a "consistent" translated port.

By default m0n0wall maps UDP and TCP port numbers to a random port for
security reasons. It can be changed to avoid remapping the port number
when there is no other mapping on the same port. If your software
connects from random ports this should work.

For example, my network runs on 192.168.0.0/24. Under NAT -> Outbound,
I have "Enable advanced outbound NAT", and added a rule on the WAN
interface for packets sourced from 192.168.0.0/24 going to any
address. That's the same as m0n0wall's default for my network. Then I
ticked "Avoid port mapping".

Hope this helps.

Adam Swift
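
The port-predictability requirement described in the reply above, as an added example that is not part of the original message and is not m0n0wall or Sonicwall code. It is a toy model of a stateful outbound UDP NAT; the class and function names, the addresses and ports, and the assumption that the random-port mode picks a fresh external port for each destination are all constructed for illustration.

```python
import random

class Nat:
    """Toy stateful outbound UDP NAT (hypothetical model, not real firewall code)."""
    def __init__(self, avoid_port_mapping, seed=1):
        self.avoid_port_mapping = avoid_port_mapping
        self.rng = random.Random(seed)   # seeded so the run is repeatable
        self.flows = {}   # (inside_ip, inside_port, remote) -> external port
        self.owner = {}   # external port -> (inside_ip, inside_port) that holds it

    def outbound(self, inside_ip, inside_port, remote):
        """Translate an outgoing packet and return the external source port."""
        key = (inside_ip, inside_port, remote)
        if key in self.flows:
            return self.flows[key]
        holder = self.owner.get(inside_port)
        # Keep the source port only when no other inside socket already holds it.
        if self.avoid_port_mapping and holder in (None, (inside_ip, inside_port)):
            ext = inside_port
        else:
            ext = self.rng.randrange(1024, 65536)
            while ext in self.owner:
                ext = self.rng.randrange(1024, 65536)
        self.flows[key] = ext
        self.owner.setdefault(ext, (inside_ip, inside_port))
        return ext

    def inbound_allowed(self, remote, ext_port):
        """Admit a packet only if the inside host already sent to that remote
        through that external port (state match)."""
        return any(e == ext_port and r == remote
                   for (_, _, r), e in self.flows.items())

def punch(nat, inside_ip="192.168.0.10", inside_port=5000):
    """Return True if the remote peer's packet gets back in through the NAT."""
    rendezvous = ("198.51.100.1", 3478)   # constructed addresses
    peer = ("203.0.113.7", 40000)
    # The rendezvous server sees this external port and hands it to the peer.
    advertised = nat.outbound(inside_ip, inside_port, rendezvous)
    # The inside client then sends to the peer from the same local socket.
    nat.outbound(inside_ip, inside_port, peer)
    # The peer aims at the advertised port; does it match the punched state?
    return nat.inbound_allowed(peer, advertised)

if __name__ == "__main__":
    print("random port mapping:", punch(Nat(avoid_port_mapping=False)))
    print("avoid port mapping: ", punch(Nat(avoid_port_mapping=True)))
```

In this model a second inside host using the same source port falls back to a random port, which is the "no other mapping on the same port" caveat from the reply.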