 
 From:  "Dave C." <mono at comm dot it>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Possible a bug in NAT handling?
 Date:  Thu, 18 Mar 2004 20:59:39 +0100
Hi,

I think I hit a bug in m0n0 and the handling of the advanced NAT (or at
least an unexpected behaviour for me).

I tried to set up a WAN+LAN+OPT1 interface, where traffic from LAN->WAN and
LAN->OPT1 should be natted, while traffic of OPT1->WAN should go without
natting (the OPT1 interface has public ip addresses).

The problem is that LAN->WAN natting works fine, but when I try to connect
from LAN->OPT1 the packets are not translated to the OPT1 addresses.

In what follows, the LAN is 10.0.0.0/8, WAN is 1.0.0.1/24, OPT1 is
2.2.2.1/24.

I have set the nat rules like this:

Source: 10.0.0.0/8    Dest: 2.2.2.0/24    Target: 2.2.2.1
Source: 10.0.0.0/8    Dest: *    Target: Empty (the wan address)

With this setup, running a tcpdump on the OPT1 side, I see packets coming in
with the LAN addresses and not the IP address of the firewall on the OPT1

Any hints?
Dave.
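
A check for the symptom reported above, added here as an example and not part of the original message: it reads `tcpdump -n` text output captured on the OPT1 side and separates packets that still carry a LAN source address from those rewritten to the OPT1 address. The networks come from the message; the capture lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Addresses from the message above.
LAN_NET = ipaddress.ip_network("10.0.0.0/8")
OPT1_NET = ipaddress.ip_network("2.2.2.0/24")
OPT1_FW_ADDR = ipaddress.ip_address("2.2.2.1")

# "tcpdump -n" IPv4 line, with or without the "IP" token newer versions print:
# <time> [IP] src[.port] > dst[.port]:
LINE_RE = re.compile(
    r"^\S+\s+(?:IP\s+)?(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+"
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

def classify(line):
    """Label one capture line as seen on the OPT1 side."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed", None
    try:
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
    except ValueError:
        return "unparsed", None
    if dst not in OPT1_NET:
        return "other", None          # replies and unrelated traffic
    if src in LAN_NET:
        return "untranslated", (str(src), str(dst))  # the reported symptom
    if src == OPT1_FW_ADDR:
        return "translated", None     # source rewritten to the OPT1 address
    return "other", None

def summarize(capture_text):
    """Count labels and collect (src, dst) pairs that bypassed NAT."""
    counts, leaks = Counter(), []
    for line in capture_text.splitlines():
        label, flow = classify(line)
        counts[label] += 1
        if flow:
            leaks.append(flow)
    return counts, leaks

# Constructed sample capture (not from the original message).
SAMPLE = """\
20:59:39.100001 IP 10.0.0.5.34567 > 2.2.2.10.80: Flags [S], seq 1, win 65535, length 0
20:59:39.100950 IP 2.2.2.10.80 > 10.0.0.5.34567: Flags [S.], seq 9, ack 2, win 65535, length 0
20:59:40.200002 2.2.2.1.40001 > 2.2.2.20.22: S 5:5(0) win 65535
20:59:41.300003 10.1.2.3 > 2.2.2.10: icmp: echo request
20:59:42.400004 arp who-has 2.2.2.10 tell 2.2.2.1
"""

if __name__ == "__main__":
    counts, leaks = summarize(SAMPLE)
    print(dict(counts), leaks)
```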