This one time, at band camp, zealot said:

> In addition to the firewall rule, add a NAT rule to forward port 1026 on
> the WAN to 192.168.0.1 1026.
>
> Tip: If you plan to forward ports, start with NAT rules first because
> there's a checkbox at the bottom of the page that reads, "Auto-add a
> firewall rule to permit traffic through this NAT rule".

i NAT to 127.0.0.1, so if i change the m0n0's ip, or my LAN subnet, i have one less thing to worry about. i've assumed that there's nothing horribly wrong with doing it this way, but perhaps someone can put me in my place :)

This one time, at band camp, Quark IT - Hilton Travis said:

> Normally, yes. But Ryan said he had changed the port on the m0n0wall to
> 1026, so now his m0n0wall listens on :1026. I would suggest https is
> hella more appropriate for external access, using a good passphrase.
> :1026 would still be acceptable, just change the protocol used.

i keep the m0n0 configured for HTTPs on the normal port, 443. but externally, i NAT from a different port. this adds the little bit of "security through obscurity" of the non-standard port on the outside, but allows me to just use the normal HTTPs port from the LAN.

jj