News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: 1:1 NAT doesn't work - What's the trick?
Pages: [1]
Topic: 1:1 NAT doesn't work - What's the trick?  (Read 5091 times)
« on: February 26, 2008, 20:07:27 »
optical *
Posts: 3
Like others, I have multiple IP's and want to do 1:1 NAT using the extra IP's.  I think I have configured every including an Any Any rule for testing but I can't seem to ping or manage the web server on the LAN side.  This is a pretty standard setup and not sure what I'm doing wrong. 


Here's what I got:

1:1 NAT
Interface     External IP     Internal IP     Description     
WAN    66.92.38.164/32    172.30.1.6/32    Trixbox

FW Rule
Proto     Source               Port  Destination     Port     Description
*     RFC 1918 networks     *     *                *     Block private networks (default rule)
*             *                          *   172.30.1.6       *        Any Any rule for trixbox

Services: Proxy ARP
Interface    Network    Description   
WAN    66.92.38.164     


This is it, right?   I even powered cycle all equipment on my side to rule out arp cache but still doesn't work.
« Last Edit: February 26, 2008, 20:14:22 by optical »
« Reply #1 on: February 26, 2008, 22:01:17 »
ChainSaw
Guest
you might wan't to check with your ISP and see if they can see your 66.92.38.164 in their ARP table.

CS...

sorry about the edit.  I was trying to digest your original post.
« Last Edit: February 26, 2008, 22:21:07 by ChainSaw »
« Reply #2 on: February 26, 2008, 22:12:50 »
optical *
Posts: 3
That's the only available selection.  I have multiple IP's on the WAN.
« Reply #3 on: February 26, 2008, 22:43:56 »
optical *
Posts: 3
This is definitely not an ISP issue because it works direct w/o monowall.  Any other suggestions?
« Reply #4 on: February 26, 2008, 23:52:17 »
ChainSaw
Guest
are you sure your m0n0wall's WAN CIDR is correct?

what address do you get back if you visit:  http://whatismyip.com/  from your Trixbox?

CS...
« Reply #5 on: March 03, 2008, 02:54:28 »
cmb *****
Posts: 851
Quote from: optical on February 26, 2008, 22:43:56
This is definitely not an ISP issue because it works direct w/o monowall.

That's not true, and leads me to another suggestion.

If you're using a different machine on that IP, and then switch it out for m0n0wall, you're going to be stuck for a few hours with virtually all ISPs because of the ARP cache on their routers. Cisco's default is 4 hours, in that case you'll have to wait 4 hours after disconnecting the previous machine before it'll work on m0n0wall.
« Reply #6 on: April 07, 2008, 15:54:26 »
jslande01 *
Posts: 1
So I'm confused, in the firewall rules (from public WAN to internal LAN) you allow access to the private ip address and not the public ip address?
« Reply #7 on: May 11, 2008, 16:08:39 »
takuser *
Posts: 1
Hi,

I tr use 1:1 NAT for my teo web server nerver work for me, only way able access from WAN IP is use differ port, the port 80 only able route to one ip unlike other router 1:1 NAT will map ONE WAN IP = ONE LAN IP and all ports will be open for access from WAN side.
on monowall after setup the 1:1 NAT you still need setup the port forwarding.

my setting exp.


WAN                 LAN

http://10.0.0.1       =    192.168.1.1     web1
http://10.0.0.2:81  =    192.168.1.2     web2 

« Reply #8 on: May 17, 2008, 05:47:25 »
knightmb ****
Posts: 341
Quote from: ChainSaw on February 26, 2008, 23:52:17
are you sure your m0n0wall's WAN CIDR is correct?

what address do you get back if you visit:  http://whatismyip.com/  from your Trixbox?

CS...
Go here: http://wanip.org/

No advertisements (yet)  Cool
« Last Edit: May 17, 2008, 06:26:11 by knightmb »
Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines