Adam Swift wrote on Tue, Nov 15 2011 at 6:03 pm:
> For example, my network runs on 192.168.0.0/24. Under Nat -> Outbound,
> I have "Enable advanced outbound NAT", and added a rule on the WAN
> interface for packets sourced from 192.168.0.0/24 going to any
> address. That's the same as m0n0wall's default for my network. Then I
> ticked "Avoid port mapping".
Thanks, I think that might. I enabled it like so:
Interface Source Destination Target
WAN 10.99.99.0/24 * 10.15.55.42
WAN 10.99.99.10/32 * 10.15.55.43
Hopefully this will not remap ports on the 10.15.55.43 address and leave the rest of our subnet to
run like normal. It seems to function fine so far for everything and the tunneled VNC connection
has lasted about 25 minutes.
I have not yet enabled advanced outbound NAT on our "outer" m0n0wall. That unit has 1:1 NAT set up
for one public IP to 10.15.55.42 and a second one to 10.15.55.43 (other building tenants share a
third using regular NAT and their own 10.15.55.* routers). I wouldn't think that would apply since
the docs state, "By default, m0n0wall automatically adds NAT rules to all interfaces to NAT your
internal hosts to your WAN IP address for outbound traffic. The only exception is for any hosts for
which you have configured 1:1 NAT entries." To me that sounds like it's not necessary for 1:1 NAT.