[ previous ] [ next ] [ threads ]
 From:  "Andrew Eglington" <aeglington at hotmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  port forwarding
 Date:  Fri, 25 Jun 2004 21:29:34 +1000
...and of course, by asking a detailled question, and then spending a little 
time testing, I have now answered my own question.

1) slap in a router rule:
forward port 3784 to the m0n0 WAN interface

2) add m0n0 rules:
Firewall: Rules  -  WAN interface - TCP  *  *  LAN net  3784
Firewall: NAT : inbound - WAN  TCP  3784 - 65535  3784 - 65535

Firewall: NAT: Edit - even though there is only a single "Local port" field, 
when saved the "Firewall : NAT" rule shows a range - and will produce errors 
if it's calculation (see below) exceeds 65535
   if "External port range" is defined as 1025-65535
  and "Local port" is defined as 3784
  the resultant rule will define "Int. port range" as 3784 - 68295 (note 
port higher than 65535)
  when creating this rule it stopped me, saying the range was too high 
(which it is for us mere mortals)
  when modifying the rule to reproduce the error (to record the numbers 
here) it let me do it, no error reported, despite a clearly wrong range 
(xxxx - !> 68295 <!).

Firewall: NAT: Edit
Shouldn't there be an :
"Any port"
option for :
"Ext. port range"

and also in :
Firewall: NAT: Edit
Shouldn't the :
"Local port"
field offer a range (two fields) - or more likely shouldnt it's "hint:" text 
be modified/removed to reflect a single port field...as well as the NAT 
descriptor: "Int. port range" *not* show a range?

... or is it just that a range of the same size is assumed? (seems strange 
if so).

Protect your inbox from harmful viruses with new ninemsn Premium. Go to