Topic: access to services from lan  (Read 5166 times)
« on: April 01, 2008, 14:55:13 »
foilpan *
Posts: 18

i configured nat rules to allow access to my mail/web/dev server from outside, mapping the usual suspects (22, 80, 443, 143, 993, 25, 587) to the box on the lan.

access from outside seems to work, but i can't access any services from inside via name (mail client is set to use domain, etc.).

is there an easy way to accomplish this? do i need to get rid of nat/firewall rules and enable just firewall rules here? it feels like i'm missing something simple and that i've done this before with m0n0, but i haven't nailed it down.

thanks.
« Reply #1 on: April 01, 2008, 15:45:25 »
fredg
Guest

When you set up the Firewall: NAT:Inbound rules, did you see this statement at the bottom of the page?

"Note:
It is not possible to access NATed services using the WAN IP address from within LAN (or an optional network)."


The easiest way to work around the problem is to put an entry into your LAN computer's hosts file equating the 'name' and the private LAN IP.

Another way is to properly make settings in Services: DNS forwarder.
« Reply #2 on: April 01, 2008, 15:54:10 »
foilpan *
Posts: 18

ah, well... one of the issues i have is that my mx and www servers point to domain.com, not subdomain.domain.com.

how would i work out that configuration with m0n0wall?
« Reply #3 on: April 01, 2008, 16:38:55 »
fredg
Guest

I guess you still aren't understanding that message.

The WAN IP address or names that resolve to that IP address can't be used from the LAN to reach those servers. It doesn't matter whether it's the domain name or a subdomain that resolves to that IP. You can't use that IP to reach the LAN servers, period.

Just add the suggested information into your PC's hosts file and be done with it.
« Reply #4 on: April 01, 2008, 17:17:51 »
foilpan *
Posts: 18

no, i "get it," but was hoping for a more elegant method of dealing with this.

i'd rather not have to add hosts entries on my laptops and desktops (os x) and the other servers (freebsd) on the network if m0n0 can handle this.

i'll try the "domain override" option in dnsmasq to point queries to the mail/web server, as it's running bind already. maybe that will do it.

thanks for your help.
« Reply #5 on: April 01, 2008, 20:38:49 »
SlickNetAaron *
Posts: 44

I would just add entries for each of the servers (www.mydomain.com, smtp.mydomain.com) to the DNS forwarder.

I think the Domain override requires an external DNS server.. so if you have one great, but I think it is easiest to just use individual entries.  That's what I did on my network - especially since I do not control most of the PCs on the LAN.

Aaron
« Reply #6 on: April 02, 2008, 01:24:37 »
foilpan *
Posts: 18

> I would just add entries for each of the servers (www.mydomain.com, smtp.mydomain.com) to the DNS forwarder.
>
> I think the Domain override requires an external DNS server.. so if you have one great, but I think it is easiest to just use individual entries.  That's what I did on my network - especially since I do not control most of the PCs on the LAN.
>
> Aaron

that did the trick. thanks for confirming this works. i added a few host entries, flushed my dns cache on the client, and all is well. this is a lot easier than editing (or pushing out) hosts files…

it would be nice to edit more than one host entry at a time or to upload a config file with the entries.
« Reply #7 on: April 02, 2008, 06:35:11 »
SlickNetAaron *
Posts: 44


> that did the trick. thanks for confirming this works. i added a few host entries, flushed my dns cache on the client, and all is well. this is a lot easier than editing (or pushing out) hosts files…
>
> it would be nice to edit more than one host entry at a time or to upload a config file with the entries.

I'm so glad that worked for you! At least I helped one person on here! :) I've benefitted from this project, so I am giving back. I hope others do as well!

Aaron
« Reply #8 on: May 17, 2011, 15:42:12 »
Jarhead *
Posts: 18

Can anyone explain how I would access LAN resources by port instead of hostname?
I access a server remotely by going to www.myname.com:33000. I need to access that from my LAN by using the same domain name but I want to access other resources locally also so I can't just use the wildcard, that would make everything go to the one host.
Any way around this?

Right now I have:

Host  Domain          IP                  Description
*     www.myname.com  local ip of server  name of resource being accessed

It works to access the server (home automation server) locally or remotely but I want to be able to access my surveillance DVR locally also and that just uses the domain name and a different port, not a hostname.

Would I be able to use a WHS as a local dns and override the whole domain?
« Last Edit: May 17, 2011, 15:45:07 by Jarhead »
« Reply #9 on: May 25, 2011, 14:32:08 »
Jarhead *
Posts: 18

No one knows how to do this??
« Reply #10 on: July 22, 2011, 20:09:53 »
andersh *
Posts: 2

To access a server on an opt interface from your lan with the external address you just add an inbound NAT rule on the lan interface.

Example web service
Interface: LAN
External address: WAN address
Protocol: TCP
External port: HTTP
NAT IP: <the server address>
Local port: HTTP

/Anders Hagman
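
The two fixes discussed in this thread (DNS forwarder host entries, and an inbound NAT rule on the LAN interface) can be chosen per name from the WAN NAT table. The sketch below is an added example and not part of any post; the hostnames, ports and addresses are constructed placeholders, and `plan` is a hypothetical helper.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample of WAN inbound NAT rules; names, ports and addresses
# are placeholders, not values from the thread.
NAT_RULES = [
    ("mail.example.com", 25, "192.168.1.10", 25),
    ("mail.example.com", 993, "192.168.1.10", 993),
    ("www.example.com", 33000, "192.168.1.20", 33000),  # automation server
    ("www.example.com", 8000, "192.168.1.30", 8000),    # DVR
    ("dev.example.com", 2222, "192.168.1.10", 22),      # translated port
]


def plan(rules):
    """Map each public name to ("dns-override", ip) or ("lan-nat", [rules])."""
    by_name = defaultdict(list)
    for name, ext_port, nat_ip, local_port in rules:
        if not ip_address(nat_ip).is_private:
            raise ValueError(f"{nat_ip} is not a private LAN address")
        by_name[name].append((ext_port, nat_ip, local_port))

    result = {}
    for name, entries in by_name.items():
        hosts = {nat_ip for _, nat_ip, _ in entries}
        translated = any(ext != local for ext, _, local in entries)
        if len(hosts) == 1 and not translated:
            # DNS only answers "which IP"; it works when every port of the
            # name lives on one box under the same port number.
            result[name] = ("dns-override", hosts.pop())
        else:
            # One name, several boxes or rewritten ports: DNS cannot express
            # that, so mirror each WAN rule on the LAN interface instead.
            result[name] = ("lan-nat", [
                {"Interface": "LAN", "External address": "WAN address",
                 "Protocol": "TCP", "External port": ext,
                 "NAT IP": nat_ip, "Local port": local}
                for ext, nat_ip, local in sorted(entries)
            ])
    return result


if __name__ == "__main__":
    for name, (method, detail) in sorted(plan(NAT_RULES).items()):
        print(name, method, detail)
```

The LAN-side rules it emits use the same fields as the rule in reply #10, which is described for a server on an opt interface.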
 