Re: [m0n0wall] NAT Port Mapping and Bind more IP to WAN

From:	Falcor <falcor at netassassin dot com>
To:	Andy Chan <andychan at ziptexhk dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] NAT Port Mapping and Bind more IP to WAN
Date:	Sat, 20 Mar 2004 10:37:30 -0600

Are you asking how to port forward port 5900 from the WAN to an internal
host?

Here are the manual steps to doing that:

1.) Under Firewall on the menu select NAT and then click the plus icon
to add a rule.
2.) Set External Address to WAN
3.) Set Protocol to TCP or UDP... not sure which 2900 you are tying to
use but I will assume TCP.
4.) External port range, simply put 2900 into the From: field and leave
the to field empty.
5.) NAT IP, here you would enter 192.168.1.2 (per your example of where
you want to forward the port.)
6.) Local port again enter 2900 here, unless you want to switch it to
another port. Eg. inbound 8080 switched to 80.
7.) Description, put one here.
8.) Click the Auto-add firewall rule...
9.) Click Save
10.) Click apply changes

Now let's go check the auto rule was created.
1.) Under Firewall on the menu select Rules
2.) Under the "WAN interface" section you should now see a rule that sais:
TCP * 2900 192.168.1.2 2900 [your description]
3.) If this rule is not present then we need to make it.
a.) click the plus icon on the page.
b.) Leave Action as pass
c.) Do not check disable
d.) Interface set to WAN
e.) protocol TCP
f.) Source leave Any unless you have a specific host or network you are
restricting access to.
g.) Source port range, simply put 2900 in the From field.
h.) Destination Select Type as single host, address as 192.168.1.2
i.) fragments, if you need them turn it on.
j.) log is your decision, in this case I suggest you select to log so
you can look at said logs and figure out what is happeneing.
k.) Description, use one.
l.) click save
m.) clock apply changes
okay you are all set, now if this does not work you will need to look at
your firewall logs to see what is happening.

Andy Chan wrote:

>Dear all,
>
>I have try many time to configure the NAT Port Mapping, but I fail in configure it.
>
>                        203.128.248.6                              192.168.1.1                 
192.168.1.2
>Internet ---------------WAN Port---------m0n0wall----------LAN Port-----------------------PCs
>                        Port:5900                                  Port:5900
>
>
>I configure "NAT -> Inbound" and clock "Auto-add a firewall rule to permit traffic through this NAT
rule. after all, I try to connect using "VNC Viewer". But I can't success. Please advice
>
>I also have other question, how to configure WAN Port to contain more than 1 WAN IPaddress. I check
the mailing list. Please advice.
>
>
>
>
>
>Best Regards,
>Andy Chan
>
>  
>