[ previous ] [ next ] [ threads ]
 
 From:  dave <dave at rodrig dot com>
 To:  Ross Bateman <r dot bateman at workmanufacturing dot com>
 Cc:  m0n0wall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] m0n0wall noob and NAT
 Date:  Fri, 23 Apr 2004 09:52:04 -0400
Did you add an entry to 'Services: Proxy ARP' for C.C.C.123?

You need to for this to work. With this in place, the FW will answer any 
ARP requests for C.C.C.123 (in the external subnet, obviously) with its 
own MAC address.

Dave




Ross Bateman wrote:

>Hi
>
>I am a noob to firewalling and have been struggeling to setup a decent
>firewall for some time now. Along comes m0n0wall and the basics are simple
>and do the job I want them to.
>
>I have setup a test enviro with a m0n0wall and a web server behind it.
>
>m0n0 LAN: 192.168.1.1
>m0n0 WAN: C.C.C.126 (I have a full C Class for my company)
>
>Internal Web Server: 192.168.1.10
>
>The outside World should see my Web Server as C.C.C.123
>
>I setup a Server NAT: External IP = C.C.C.123
>
>Inbound NAT:
>External Address: C.C.C.123 (From Server NAT)
>Proto: TCP
>External Port Range: HTTP
>NAT IP: 192.168.1.10
>Local Port: HTTP
>and put a tick in the auto-add firewall rule
>
>Firewall Rules reads as follows:
>Proto: TCP
>Source: *
>Port: *
>Destination: 192.168.1.10
>Port: 80 (HTTP)
>
>If I try to surf my Web Server from outside my secure LAN, I get nothing.
>(Surfing from inside, 192.168.1.# works like a charm using 192.168.1.10)
>
>Like I say, I am a noob so I am not sure firstly if I did this right and
>secondly if I am missing something here.
>
>First prize for me would be to have my C-Class on both sides of the
>m0n0wall.
>
>Thanks for any input,
>
>Ross
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>  
>