 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NATed services by the public IP
 Date:  Sun, 27 Jun 2004 18:25:57 -0700 (PDT)
On Thu, 24 Jun 2004, Joey Morin wrote:
> you can't reach an internal server from the LAN via NAT by way of the WAN
> IP, but you can reach the m0n0wall webgui from the LAN by way of the WAN
> IP...??!!
> does anyone else think this is strange?  i realize that it doesn't go

Not if you understand how IP works. :-)

NAT behavior is a function of the interface, while addressing the m0n0wall
itself is not.  Most systems implement the "weak end system" model,
meaning that the machine can be reached via any of its IP addresses,
regardless of whether the address matches the interface where the packet
arrived.  If you don't like that, add some block rules. :-)

On Fri, 25 Jun 2004, Stefan Thuering wrote:
> Joey Morin wrote:
> > this is perhaps only a minor annoyance, but when i moved to m0n0wall i
> > lost this ability.  behind my inexq this was no problem.  can anyone
> > explain why this is not possible to implement?  is it a limitation, or by
> > design?
> If your ISP offers a web proxy feature you can use it to test your 
> nat'ed ports (because you then go out and come back in).

Or if they have shell service with SSH you can tunnel the access through
the shell server.  Or if they have shell service without SSH, try lynx (or
even telnet) from the shell server.

					Fred Wright
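
Added example (not part of the original message, and not m0n0wall code): a simplified Python model of the behaviour described above, where the inbound NAT rule is tied to the WAN interface while local delivery follows the weak end system model. The addresses, ports, the forwarded service and the handle() function are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed addressing (documentation ranges); none of it is from the thread.
WAN_IP, LAN_IP = "203.0.113.10", "192.168.1.1"
ADDRS = {"wan": WAN_IP, "lan": LAN_IP}   # the firewall's own addresses
LISTENERS = {80}                          # webGUI listening on the firewall
# Inbound NAT is attached to one interface (WAN): a function of the interface.
RDR = {("wan", WAN_IP, 8080): ("192.168.1.20", 80)}

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrived on
    dst: str
    dport: int

def handle(pkt, strong_es=False, block_rules=frozenset()):
    """Simplified model of what the firewall does with an arriving packet."""
    # Filter: (arrival interface, destination) pairs the admin chose to block.
    if (pkt.in_if, pkt.dst) in block_rules:
        return "blocked by rule"
    # NAT lookup is keyed on the arrival interface, so a WAN rule
    # never matches a packet that came in on the LAN.
    target = RDR.get((pkt.in_if, pkt.dst, pkt.dport))
    if target:
        return "forwarded to %s:%d" % target
    if pkt.dst not in ADDRS.values():
        return "routed onward"
    # Strong ES: destination must be the arrival interface's own address.
    # Weak ES: any of the machine's addresses is accepted.
    if strong_es and ADDRS[pkt.in_if] != pkt.dst:
        return "dropped (strong ES)"
    if pkt.dport in LISTENERS:
        return "local service answers"
    return "refused (no listener)"

if __name__ == "__main__":
    for p in (Packet("lan", WAN_IP, 80), Packet("lan", WAN_IP, 8080),
              Packet("wan", WAN_IP, 8080)):
        print(p, "->", handle(p))
```

Passing block_rules={("lan", WAN_IP)} models the "add some block rules" suggestion: the LAN-side request to the WAN address is then dropped before local delivery.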