 From:  Gordon Day <gordon at deepcovelabs dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] BUG: config.xml <servernat> section not processed?
 Date:  Wed, 13 Oct 2004 00:01:32 -0700

Hmm.  What I tried was:
  If I set up proxy ARP for the subnet that is routed to me (note: the 
subnet _does_ include m0n0's WAN ip) as follows:
	
	m0n0 WAN ip: 216.13.yyy.1
	Server NAT entry for 216.13.yyy.2
	Inbound NAT for 216.13.yyy.2, tcp port 443 -> 10.0.0.10, tcp port 443
	Firewall rule allowing WAN traffic to 10.0.0.10, tcp port 443
	Proxy ARP for 216.13.yyy.2

Then I do not get any traffic flowing. The Proxy ARP works correctly, 
but no joy on the NAT side of things. Nothing shows up in the firewall 
logs either on the default block rule or on the explicit logging I 
turned on for the pass rule for the Inbound NAT.
This is what led me to believe that something was amiss with Server NAT 
in the first place.  Am I missing something obvious?

Thanks,

Gordon.

Manuel Kasper wrote:

> On 12.10.2004 22:53 -0700, Gordon Day wrote:
>
>
>> I have been evaluating CD-ROM release 1.1 of M0n0wall and have
>> discovered by direct experience and by trolling the mailing list
>> that while m0n0 correctly reflects Server NAT entries in the GUI,
>> they don't seem to have any effect on the underlying operating
>> system.  For example:
>>
>
> That's perfectly normal - the only purpose of server NAT is to define
> additional IP addresses for inbound NAT. It doesn't add any IP
> aliasing, as that is not needed in most cases (when people have
> routed subnets or use PPPoE/PPTP on WAN). For other cases, there's
> proxy ARP, which is better than IP aliasing. See
> <http://m0n0.ch/wall/docbook/faq-ipalias.html>.
>
> - Manuel
>

-- 
gordon at deepcovelabs dot com
+1.604.689.8962

DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5