 From:  Toli <schmoli at schmoli dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Inbound NAT works, 1:1 and ServerNat doesn't
 Date:  Wed, 05 May 2004 15:48:24 -0700
I've read a few months back in the archives, and there are plenty of 
people who seem to have problems getting any type of NAT working.  I am 
not one of those people.  I successfully NAT ports from my WAN IP to 
both machines on my LAN as well as my OPT interfaces with no problems.  
My problem is occurring because I have more than one WAN IP, and now need 
to NAT some ports from some of those IP addresses to machines in my LAN 
and OPT interfaces.  Following are all my settings, including the Inbound 
NAT rules that work.

WAN interface: (I have IP addresses A.B.C.114-118)
IP Address: A.B.C.114 / 29
Gateway: A.B.C.113
Block Private networks: yes

LAN interface:
IP Address: 10.0.0.1 / 24

# firewall rules in place but not designed to help with the below problems 
(i.e., tell me if it's one of these that is causing the problem)
#WAN
 (no rules in place)
# LAN - designed to allow traffic out of the LAN, but not into any of my 
other OPT subnets (10.*.*.*)
Proto: *, Source: LAN net, Port: *, Destination: !10.0.0.0/16, Port: *

# first rule allows port 80 on my main WAN IP (A.B.C.114) to route to my 
personal box (10.0.0.131)
# this works!
inbound nat:
Proto: TCP, Port: 80, NAT IP: 10.0.0.131, Port: 80
firewall:
Proto: TCP, Source: *, Port: *, Destination: 10.0.0.131, Port: 80

# second rule allows port 80 on my next WAN IP (A.B.C.115) to route to 
my personal box (10.0.0.131)
# this rule does not work, I have no idea why, it hates me
Server Nat:
IP: A.B.C.115 Description: ServerNat1
Inbound NAT:
Proto: TCP, Port: 80, Nat IP: 10.0.0.131 (A.B.C.115), Port: 80
firewall:
Proto: TCP, Source: *, Port: *, Destination: 10.0.0.131, Port: 80

# third rule allows port 80 on my next WAN IP (A.B.C.116) to route to my 
personal box (10.0.0.131) via 1:1
# this rule also does not work, I have no idea why, it also hates me
1:1 settings:
Extern IP: A.B.C.116/32, Intern IP: 10.0.0.131/32
Firewall: as far as I can tell, it should be the same, so the same
Proto: TCP, Source: *, Port: *, Destination: 10.0.0.131, Port: 80

Is that enough information to help me out?

Thanks! Been enjoying m0n0wall for quite some time (my box is even in 
the gallery), just finally starting to get into some more complex rules.

--
Toli Leonovich