 From:  Bart Smit <bit at pipe dot nl>
 To:  Joe Smith <clearview9999 at yahoo dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Cannot get SSH (or any service published) behind m0n0wall
 Date:  Sun, 29 Feb 2004 20:49:25 +0100
Joe Smith wrote:

> Thanks for your help.  Basically trying to allow SSH
> at the firewall to hit a server behind it.

I set out to actually try this in a minimal config from scratch, using a
fresh generic-pc m0n0wall pb27r630 reset to factory defaults. Everything
(WAN/LAN) uses DHCP. That had me end up with:

- WAN interface on 192.168.134.128
- Knoppix 3.3 on 192.168.1.199 in the LAN used to access the WebGUI
- FreeBSD box to provide an sshd on 192.168.1.198 in the LAN

The goal was to establish an ssh connection from a box in the WAN to
the FreeBSD box behind m0n0wall.

From the factory defaults, the ONLY things I changed on m0n0wall were:
1 - disabled blocking of private nets on WAN interface (because the WAN
     net is 192.168.134/24!)
2 - adding one inbound NAT rule for port 22 to 192.168.1.198:22
3 - letting m0n0wall add the firewall rule to go with the NAT rule

Sure enough, this works as expected. A Windows box in the WAN can now
ssh to 192.168.134.128 and will end up talking to the FreeBSD box.

This is all you need. If this does not work, there's a problem
somewhere else.

--Bart

PS - The only thing that has me utterly confused is why the
automatically added rule lists 192.168.1.198 as the destination address
instead of the 192.168.134.128 one would expect. I always thought these
rules applied to packets as they come in on the interface, but this
seems to refer to different contexts for the source and destination
addresses (before and after NAT). This may need clarification in
the docs or the UI...
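
Added example, not part of the original message and not m0n0wall code: a small Python model of the behaviour noted in the PS, assuming inbound NAT rewrites the destination before the WAN filter rule is evaluated (which is what the auto-added rule implies). Class and function names are hypothetical, and the client address 192.168.134.1 is constructed; the other addresses are the ones from the message.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class InboundNat:      # "forward WAN port 22 to 192.168.1.198:22"
    ext_addr: str
    ext_port: int
    target: str
    target_port: int

    def apply(self, p):
        if p.proto == "tcp" and p.dst == self.ext_addr and p.dport == self.ext_port:
            return replace(p, dst=self.target, dport=self.target_port)
        return p

@dataclass(frozen=True)
class PassRule:        # WAN filter rule; anything unmatched is blocked
    dst: str
    dport: int
    src_net: str = "0.0.0.0/0"

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src_net)
                and p.dst == self.dst and p.dport == self.dport)

def wan_inbound(p, nat_rules, pass_rules):
    """Assumed order: NAT rewrite first, then filter. Returns (verdict, packet)."""
    for n in nat_rules:
        rewritten = n.apply(p)
        if rewritten != p:      # first matching NAT rule wins
            p = rewritten
            break
    verdict = "pass" if any(r.matches(p) for r in pass_rules) else "block"
    return verdict, p

NAT = [InboundNat("192.168.134.128", 22, "192.168.1.198", 22)]
SYN = Packet(src="192.168.134.1", dst="192.168.134.128", dport=22)

def demo():
    auto = wan_inbound(SYN, NAT, [PassRule("192.168.1.198", 22)])    # auto-added rule
    wan = wan_inbound(SYN, NAT, [PassRule("192.168.134.128", 22)])   # "expected" rule
    return auto[0], wan[0], auto[1].dst
```

Under that ordering the source match still sees the original WAN client address, so narrowing `src_net` on the rule limits who can reach the sshd behind the NAT.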