[ previous ] [ next ] [ threads ]
 
 From:  Joey Morin <jmorin at icomm dot ca>
 To:  hfk at free dot fr
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  NATed services by the public IP (Was: How to disable remote admin ?)
 Date:  Thu, 24 Jun 2004 22:54:17 -0400 (EDT)
This one time, at band camp, hfk at free dot fr said:

> Allright ! I just made a test :
>
> in fact the the ADMIN SERVER is accessible via WAN IP only from within
> LAN, the ADMIN SERVER is not accessible from outside.
>
> So there's no problem at all, but it's just a bit confusing to type Wan
> Ip in the browser and get admin... You might think everybody could try
> to login to your m0nowall...

nice work.

but... isn't that interesting...

you can't reach an internal server from the LAN via NAT by way of the WAN
IP, but you can reach the m0n0wall webgui from the LAN by way of the WAN
IP...??!!

does anyone else think this is strange?  i realize that it doesn't go
through a NAT rule, but... can we coax the same behavour out of NAT?

jj
(hopefull as always... :)