 From:  Joey Morin <jmorin at icomm dot ca>
 To:  zealot <zealot at tradersguild dot net>, Quark IT - Hilton Travis <hilton at quarkit dot com dot au>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] problems with remote login to router
 Date:  Tue, 29 Jun 2004 01:05:15 -0400 (EDT)
This one time, at band camp, zealot said:

> In addition to the firewall rule, add a NAT rule to forward port 1026 on
> the WAN to 1026.
> Tip: If you plan to forward ports, start with NAT rules first because
> there's a checkbox at the bottom of the page that reads, "Auto-add a
> firewall rule to permit traffic through this NAT rule".

i NAT to, so if i change the m0n0's ip, or my LAN subnet, i have
one less thing to worry about.  i've assumed that there's nothing horribly
wrong with doing it this way, but perhaps someone can put me in my place

This one time, at band camp, Quark IT - Hilton Travis said:

> Normally, yes.  But Ryan said he had changed the port on the m0n0wall to
> 1026, so now his m0n0wall listens on :1026.  I would suggest https is
> hella more appropriate for external access, using a good passphrase.
> :1026 would still be acceptable, just change the protocol used.

i keep the m0n0 configured for HTTPs on the normal port, 443.  but
externally, i NAT from a different port.  this adds the little bit of
"security through obscurity" of the non-standard port on the outside, but
allows me to just use the normal HTTPs port from the LAN.