Adam Swift wrote on Tue, Nov 15 2011 at 6:03 pm:
> For example, my network runs on 192.168.0.0/24. Under NAT -> Outbound,
> I have "Enable advanced outbound NAT", and added a rule on the WAN
> interface for packets sourced from 192.168.0.0/24 going to any
> address. That's the same as m0n0wall's default for my network. Then I
> ticked "Avoid port mapping".
Thanks, I think that might. I enabled it like so:
Interface  Source           Destination  Target
WAN        10.99.99.0/24    *            10.15.55.42
WAN        10.99.99.10/32   *            10.15.55.43
(no portmap)
Hopefully this will not remap ports on the 10.15.55.43 address and leave the rest of our subnet to
run like normal. It seems to function fine so far for everything and the tunneled VNC connection
has lasted about 25 minutes.
I have not yet enabled advanced outbound NAT on our "outer" m0n0wall. That unit has 1:1 NAT set up
for one public IP to 10.15.55.42 and a second one to 10.15.55.43 (other building tenants share a
third using regular NAT and their own 10.15.55.* routers). I wouldn't think that would apply since
the docs state, "By default, m0n0wall automatically adds NAT rules to all interfaces to NAT your
internal hosts to your WAN IP address for outbound traffic. The only exception is for any hosts for
which you have configured 1:1 NAT entries." To me that sounds like it's not necessary for 1:1 NAT.
--
Steve Yates
ITS, Inc.