[ previous ] [ next ] [ threads ]
 
 From:  "Michael A. Alderete" <lists dash 2003 at alderete dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] public IP on the lan interface?
 Date:  Wed, 10 Mar 2004 09:09:39 -0800
At 10:08 AM -0600 3/10/04, David Rodgers wrote:
>All of that being said it might be nice in the future to have a button
>on the first page of the nat configuration section that simply says
>"disable nat"

While I agree that the user interface for all of the different NAT
capabilities and features of m0n0wall is kind of a mess -- especially in
the absence of good documentation -- I don't think a "Disable NAT" button
is the right thing.

Really, the "Enable advanced outbound NAT" is the button that you want to
push, it's just labeled poorly, and organized in the wrong place.

Perhaps a better UI would be to change the entire last panel (currently
"Outbound") to "Manual NAT", and change the initial checkbox to a radio
button with two choices:

 (*) Enable automatic NAT rules   [default]
 ( ) Disable automatic NAT rules

I'm sure there's other UI improvements that could be made in the NAT
sections, but since I don't know what most of the stuff is for (Inbound and
1:1 I get, the rest seems like it's mostly duplicative of those two), I
can't make further suggestions...

Michael


>On Wed, 2004-03-10 at 09:49, Jim Gifford wrote:
>> Checking the 'Enable advanced outbound NAT' checkbox has the effect of
>> disabling all the default NAT rules so you can write your own.  If you
>> don't write your own, that means that NAT stays effectively disabled.
>>
>> Go to the Web GUI.  Click 'NAT'.  Click "Outbound".  Click "Enable
>> advanced outbound NAT".  Click "Save".  At this point, NAT is effectively
>> disabled.  This feature already exists in the current version of m0n0wall.
>>
>> Once NAT has been disabled, you can do "normal" routing between
>> interfaces.  There is a lot of flexibility in m0n0wall, just sometimes
>> you have to search the archive of this mailing list, and sometimes you
>> have to experiment to find what you need.  And sometimes, you just need to
>> check all the hardware when things aren't working like you expect.  *grin*
>>
>> hope this helps,
>> jim gifford
>>
>> On Wed, Mar 10, 2004 at 08:32:30AM -0500, Jean-Francois Theroux wrote:
>> > This would be a nice feature to add to m0n0. Being able to disable NAT
>> > would be great.
>> >
>> > -jf
>> >
>> > On Wed, 2004-03-10 at 06:37, Mark Spieth wrote:
>> > > Sure it, Just disable nat by using the Enable advanced outbound NAT in
>> > > the outbound nat section, If you check that and don't define any rules
>> > > that should work.
>> > >
>> > > Mark Spieth - Director of Internet Services
>> > >
>> > > Northeast Ohio Digital Inc.
>> > >
>> > > http://www.neod.net
>> > >
>> > > mspieth at neod dot net
>> > >
>> > > 330-830-6551
>> > >
>> > > CONFIDENTIALITY NOTICE: The materials attached hereto are confidential
>> > > and the property of the sender. The information contained in the
>> > > attached materials is privileged and/or confidential and is intended
>> > > only for the use of the above-named individual(s) or entity(ies). If you
>> > > are not the intended recipient, be advised that any unauthorized
>> > > disclosure, copying, distribution or the taking of any action in
>> > > reliance on the contents of the attached information is strictly
>> > > prohibited. If you have received this transmission in error, please
>> > > discard the information immediately
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: Jean-Francois Theroux [mailto:jftheroux at privalodc dot com]
>> > > Sent: Tuesday, March 09, 2004 9:31 PM
>> > > To: m0n0wall at lists dot m0n0 dot ch
>> > > Subject: [m0n0wall] public IP on the lan interface?
>> > >
>> > > Hi guys,
>> > >
>> > >   I was curious, is it possible to assign a public IP on the LAN
>> > > interface? I'd like to have a setup like this:
>> > >
>> > >   evil internet --> m0n0wall box --> switch ---> servers with public
>> > > ips.
>> > >
>> > >    Because I need a new gateway at one of our datacenter rack.
>> > >
>> > > Cheers,
>> > --
>> > Jean-Francois Theroux
>> > System administrator
>> > 514.726.3732
>> > PrivalODC
>> > http://www.privalodc.com/
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 

_____________________________________________________________
Michael A. Alderete           <mailto:lists dash 2003 at alderete dot com>
                                     <http://www.alderete.com>