 From:  Manuel Kasper <mk at neon1 dot net>
 To:  David Cooper <david underscore cooper at elwyn dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Static Nat - Any Issues?
 Date:  Sat, 11 Oct 2003 09:15:16 +0200 (CEST)
Hi David,

On Fri, 10 Oct 2003, David Cooper wrote:

> I am having a problem with a 1:1 (or static) NAT translation. I am binding:
> 207.xxx.xxx.90  10.1.20.24

Please post the output of /cgi-bin/status.cgi (minus any passwords), as
it's really hard to help without that information.

> I also create a rule:
> ICMP  *  *  10.1.20.24  *
>
> When I ping 207.xxx.xxx.90 from the internet it comes back with a "Reply
> from 10.1.20.24". I'm pretty sure this is not static NAT behavior.

Hmm, just to be sure, I tried something like your config (with 1:1), and
the ICMP reply packets were properly NATed back (confirmed with tcpdump).

I suspect the 10.1.20.24 machine has some other route (additional
interface?) back to the Internet (or that 207.xxx.xxx.xxx subnet at
least), and as such its replies don't pass through m0n0wall, so they're
not NATed, and TCP connections fail. What is the configuration
(interfaces, IP addresses, routes) of that machine?

- Manuel
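
The kind of packet-capture check mentioned above, as an added example that is not part of the original message: it pairs ICMP echo requests and replies from `tcpdump -n icmp` text output and flags replies whose source is not the address that was pinged. The capture lines are constructed, 203.0.113.90 is a placeholder for the masked public address, and `check_echo_pairs` is a hypothetical helper name.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample (tcpdump -n icmp text output on the pinging host).
# 203.0.113.90 is a placeholder for the masked public address in the post.
SAMPLE = """\
09:15:16.100000 IP 198.51.100.7 > 203.0.113.90: ICMP echo request, id 512, seq 1, length 64
09:15:16.130000 IP 10.1.20.24 > 198.51.100.7: ICMP echo reply, id 512, seq 1, length 64
09:15:17.100000 IP 198.51.100.7 > 203.0.113.90: ICMP echo request, id 512, seq 2, length 64
09:15:17.128000 IP 203.0.113.90 > 198.51.100.7: ICMP echo reply, id 512, seq 2, length 64
09:15:18.100000 IP 198.51.100.7 > 203.0.113.90: ICMP echo request, id 512, seq 3, length 64
"""

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def check_echo_pairs(capture):
    """Return (seq, status, reply_source) for every echo request in the capture."""
    pending = {}    # (requester, id, seq) -> address that was pinged
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], ident, seq)] = m["dst"]
            continue
        pinged = pending.pop((m["dst"], ident, seq), None)
        if pinged is None:
            continue  # reply with no matching request in this capture
        if m["src"] == pinged:
            status = "ok"
        elif any(ip_address(m["src"]) in net for net in RFC1918):
            # Reply left the inside host without being translated back.
            status = "un-NATed private source"
        else:
            status = "source mismatch"
        findings.append((seq, status, m["src"]))
    findings += [(key[2], "no reply", None) for key in pending]
    return findings

if __name__ == "__main__":
    for seq, status, src in check_echo_pairs(SAMPLE):
        print(f"seq {seq}: {status}" + (f" (reply from {src})" if src else ""))
```

Running the same check on a capture taken on the firewall's WAN side shows whether the untranslated replies pass through it at all.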