 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Problems with DNS server replication
 Date:  Sun, 12 Sep 2004 15:32:35 -0700 (PDT)
On Fri, 3 Sep 2004, James W. McKeand wrote:

> Outbound NAT - I really have no idea, this is my theory. I have read the
> description on the WebGUI. I think you can make outbound packets look like
> they are originating from an IP other than the default WAN IP. For example
> WAN IP is 10.0.0.1 with 10.0.0.2 as an additional external IP. Packets from
> 172.16.0.1 (on the LAN) look like they originated from 10.0.0.2 instead of
> 10.0.0.1 (default WAN IP). You would need to create multiple rules, some to
> handle specific source IPs and some generic source IPs. This is because with
> this enabled, automatic mappings are *NOT* created. With this disabled, WAN
> IP is used by default and mappings are automatically created. Again, I do
> not use this, this is just my theory on how it works. Someone correct me if
> I am wrong.

Well, all "standard NAT" is outbound.  What the "Advanced outbound
NAT" does is allow you more control.  This can mean:

1) NATting something that otherwise wouldn't be, i.e. going to a non-WAN
interface.

2) Not NATting something that otherwise would be, i.e. something going over
WAN that's really "local" (e.g. talking to a modem's built-in webserver).

3) NATting "from" a different IP than the primary WAN IP.

					Fred Wright
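
Added example (not part of the original message, and not m0n0wall code): a small Python model of manual outbound NAT rule evaluation covering the three cases listed above. It reuses the addresses from the thread; the interface name OPT1, the 172.16.0.0/16 LAN, the modem address 192.168.100.1, the OPT1 address 192.168.50.1 and first-match rule ordering are assumptions made for illustration, as is the behaviour (taken from the quoted description) that no mapping exists unless a rule creates one.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    interface: str         # egress interface the rule applies to
    source: str            # source network (CIDR)
    destination: str       # destination network (CIDR)
    target: Optional[str]  # address to NAT "from"; None means "do not NAT"


def translate(rules: List[Rule], interface: str, src: str, dst: str) -> str:
    """Return the source address the packet leaves with (first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.interface == interface
                and s in ipaddress.ip_network(r.source)
                and d in ipaddress.ip_network(r.destination)):
            return r.target or src
    # Assumed model: with manual rules, nothing is mapped automatically,
    # so an unmatched packet leaves with its original source address.
    return src


# Constructed rule set; specific rules come before generic ones.
RULES = [
    # Case 2: LAN -> modem's built-in webserver over WAN, not NATted.
    Rule("WAN", "172.16.0.0/16", "192.168.100.1/32", None),
    # Case 3: one host NATted "from" the additional external IP.
    Rule("WAN", "172.16.0.1/32", "0.0.0.0/0", "10.0.0.2"),
    # Generic rule: the rest of the LAN uses the primary WAN IP.
    Rule("WAN", "172.16.0.0/16", "0.0.0.0/0", "10.0.0.1"),
    # Case 1: NAT on a non-WAN interface.
    Rule("OPT1", "172.16.0.0/16", "0.0.0.0/0", "192.168.50.1"),
]

if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for an Internet host.
    for iface, src, dst in [
        ("WAN", "172.16.0.1", "192.168.100.1"),
        ("WAN", "172.16.0.1", "203.0.113.7"),
        ("WAN", "172.16.0.9", "203.0.113.7"),
        ("OPT1", "172.16.0.9", "192.168.50.20"),
        ("WAN", "192.168.7.7", "203.0.113.7"),  # no rule covers this source
    ]:
        print(f"{iface:5} {src:13} -> {dst:14} leaves as {translate(RULES, iface, src, dst)}")
```

The last sample packet shows what to check for after switching to manual rules: a source network with no matching rule goes out with its private address unchanged.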