[ previous ] [ next ] [ threads ]
 
 From:  "lextre at trelex dot co dot uk" <lextre at trelex dot co dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Disabling NAT
 Date:  Wed, 14 Dec 2011 11:11:27 -0500
Thanks Steven that's the option I have set within m0n0wall in the Firewall:
NAT: Outbound section. 
When I enable advanced outbound NAT I then have to create a mapping in
order for workstations to be 
able to access the internet from within the LAN since, as Jakob pointed
out, when I disable NAT we lose 
internet connection on the LAN clients.

As for the bigger picture I'll try to describe the problem. We are a
relatively small organisation of around 
100 staff spread across two offices employing m0n0wall as the
firewall/router in both locations. We had 
an IPSEC vpn setup within m0n0wall to connect both offices and everything
had been working fine. Now 
we are partnered with a much larger organisation and they want to improve
communication with us. As 
a result they want us to use OCS (communicator) and some proprietary video
conferencing software 
which, apparently, cannot function via a NAT'ed router. So what they have
asked us is to disable our vpn 
connection and make sure that there is no NAT running on our routers.

Bob, I completely get what your saying and thanks for the detailed
explanation. Although we DO have a 
generous amount of ip addresses from our ISP we certainly do not have
enough for each workstation to 
have their own unique ip address on the net. I'm sure this is not what the
larger organisation expect us 
to achieve either. I'm now going to go back to them to see exactly what it
is they are asking as disabling 
NAT by all accounts is not the way to go.

Thanks to everybody who replied.



Original Message:
-----------------
From: Steven Nusser jaguar11735 at gmail dot com
Date: Wed, 14 Dec 2011 10:19:24 -0500
To: lextre at trelex dot co dot uk, m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Disabling NAT


I think what you're after is to disable the 'Advanced Outbound NAT' feature
of m0n0wall.  This will improve compatibility with programs that don't
support "NAT". I believe this feature is documented in the manual.

--
Steven C. Nusser



On Wed, Dec 14, 2011 at 10:13 AM, lextre at trelex dot co dot uk
<lextre at trelex dot co dot uk>wrote:

> Thanks Jakob that makes sense. However, how do organisations configure
> their routers with no NAT
> (such as in larger corporations)? It's just that we will need to run some
> software in the near future which
> cannot work on NAT'ed connections. So I guess my question is how does one
> go about disabling NAT
> but still providing internet access to the workstations on the LAN?
>
> Sorry if this is a very noob-type question but I've never had to configure
> a router which doesn't employ
> some form of NAT.
>
>
>
> Original Message:
> -----------------
> From: Jakob Schwienbacher jakob dot schwienbacher at gmail dot com
> Date: Wed, 14 Dec 2011 16:02:55 +0100
> To: lextre at trelex dot co dot uk
> Subject: Re: [m0n0wall] Disabling NAT
>
>
> Hi Lex Tre,
>
> By disabling NAT your Internet connection will not work anymore. You
> need NAT enable because Privat addresses like 10.x.x.x, 192.168.x.x
> are not routed in the public Internet. NAT hide your whole LAN behind
> your public IP. So you can surf with more than one PC.
>
> HTH
>
> Jakob
>
> On 14 December 2011 15:32, lextre at trelex dot co dot uk <lextre at trelex dot co dot uk>
> wrote:
> > The WAN NIC has a static IP address assigned by my ISP and the LAN ip is
> > 10.195.136.x.
> >
> > When I check using services such as whatismyip the public ip is always
> > returned. I assumed (perhaps
> > incorrectly) that by completely disabling NAT any outgoing connections
> from
> > a workstation will use the
> > internal ip address or am I misunderstanding something?
> >
> >
> > Original Message:
> > -----------------
> > From: Matthew Cramer mat at mc dash tech dot co dot uk
> > Date: Wed, 14 Dec 2011 14:18:40 +0000
> > To: lextre at trelex dot co dot uk
> > Subject: Re: [m0n0wall] Disabling NAT
> >
> >
> > what IP does your NIC have?
> >
> > On 14 December 2011 13:40, lextre at trelex dot co dot uk <lextre at trelex dot co dot uk>
> wrote:
> >
> > I have read the section in the handbook regarding disabling NAT but I
> would
> > like to know how I can test it
> > has been successful. When I do a whatismyip on the net my address always
> > shows as the public ip - is this
> > the correct behaviour? If anybody could advise how I can confirm NAT has
> > been completely disabled I
> > would really appreciate it! I'm using m0n0wall 1.33 Generic PC.
> >
> >
> > --------------------------------------------------------------------
> > mail2web LIVE – Free email based on Microsoft® Exchange technology -
> > http://link.mail2web.com/LIVE
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>
>
> --------------------------------------------------------------------
> myhosting.com - Premium Microsoft® Windows® and Linux web and
application
> hosting - http://link.myhosting.com/myhosting
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>


--------------------------------------------------------------------

http://link.mail2web.com/Business/SharePoint