 
 From:  Klaus Stock <ks at stock dash consulting dot com>
 To:  Lloyd Aloysius <lloyd dot aloysius at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] port rewrite from lan to wan
 Date:  Mon, 14 Jan 2013 15:51:02 +0100
Hi Lloyd,

> In pfsense this will work with NAT:port forward and select LAN,
> Destination and Redirect IP and port.
>
> I do not want to switch to pfsense. I would like to find how this can
> be done in monowall.

 after thinking about it a little bit longer, I fear that this is not 
 possible with m0n0wall.

 You might consider deploying an additional pfSense installation which 
 has the only purpose of doing the port redirection. It could be 
 deployed as a virtual machine (on the free VMWare Server, for example). 
 The WAN adapter would be configured as DHCP (receiving a dynamic LAN IP 
 address and using the main m0n0wall as default gateway), LAN would 
 receive a static LAN IP address. In order to redirect all traffic for 
 the external IP address [*A.B.C.D*], a DNS override can be configured 
 on the m0n0wall (target would be pfSense LAN address). Obviously, this 
 requires that all applications which want to talk to the external IP 
 address [*A.B.C.D*] must not use the IP address, but the (fake) DNS 
 name. Alternatively, the applications use the pfSense LAN IP address 
 instead of the external target address. All traffic for this hostname 
 will then get routed through pfSense, which can do its "magic" before 
 passing the traffic out of its WAN interface back to the m0n0wall (now 
 with the changed port - and the correct external IP address 
 [*A.B.C.D*]).

 Yup, this is a bit messy. I don't know about your environment. If you 
 have a server in your LAN running 24/7, the VM might be a solution.

 "Port 25" sounds suspiciously like SMTP. If we're really talking about 
 SMTP: don't the mail clients offer an option to change the SMTP port?

 AFAIR, there are also some SMTP proxies which allow alternative ports 
 for outgoing SMTP traffic. Of course, this will again require a server 
 and appropriate client configuration.

 Or could "SMTP over SSL" be a solution?

 Best regards, Klaus


>
>
> Thanks
> Lloyd
>
>
> On Sun, Jan 13, 2013 at 4:18 PM, Klaus Stock <ks at stock dash consulting dot com> wrote:
>
>> > In my LAN network if any host send anything to a *particular
>> > External IP Address* [*A.B.C.D*] and *port 25* => I have to send
>> > to the Same IP and Different port out [*A.B.C.D*] and *port 26*
>>
>> > I could not find any place to make this port rewrite for the
>> > internal network.
>>
>> I've seen a similar thing (ip address change instead of port change)
>> on a similar platform (pfSense instead of m0n0wall).
>>
>> I suppose that port redirection would work about the same as
>> ip address redirection. But I don't know if it'll work with
>> m0n0wall. While pfSense is a m0n0wall fork, it used (AFAIR) pf
>> instead of iptables, so it might not work. However, if your hardware
>> is powerful enough (and you're not afraid about being overwhelmed by
>> the excessive number of functions in pfSense), you might consider a
>> migration to pfSense, if this solves your problem.
>>
>> Okay, here's the tutorial I stumbled upon last week:
>>
>> http://www.interspective.net/2012/07/pfsense-ntp-and-network-sneakery.html
>>
>> No, I didn't try it myself - I was looking for something totally
>> different. However, I read the article anyway, just out of some sort
>> of, um, "geeky fascination".
>>
>> Best regards, Klaus
>>
>>