This one time, at band camp, zealot said:
> In addition to the firewall rule, add a NAT rule to forward port 1026 on
> the WAN to 192.168.0.1 1026.
> Tip: If you plan to forward ports, start with NAT rules first because
> there's a checkbox at the bottom of the page that reads, "Auto-add a
> firewall rule to permit traffic through this NAT rule".
i NAT to 127.0.0.1, so if i change the m0n0's ip, or my LAN subnet, i have
one less thing to worry about. i've assumed that there's nothing horribly
wrong with doing it this way, but perhaps someone can put me in my place.
This one time, at band camp, Quark IT - Hilton Travis said:
> Normally, yes. But Ryan said he had changed the port on the m0n0wall to
> 1026, so now his m0n0wall listens on :1026. I would suggest https is
> hella more appropriate for external access, using a good passphrase.
> :1026 would still be acceptable, just change the protocol used.
i keep the m0n0 configured for HTTPs on the normal port, 443. but
externally, i NAT from a different port. this adds the little bit of
"security through obscurity" of the non-standard port on the outside, but
allows me to just use the normal HTTPs port from the LAN.