Topic: m0n0wall invisible from outside (WAN)  (Read 3588 times)
« on: April 03, 2007, 12:45:16 »
bunjes *
Posts: 1

Hello,

my m0n0wall has a static WAN IP address.
I can PING from my m0n0wall to hosts in the WAN but not in the other direction: a ping onto the m0n0wall is not possible (no reaction). Ok, maybe that is the way it should be.
I can ping the m0n0wall and connect to the webGui from inside with the external static address.
Now I want to allow an ssh connection from outside to a client in the LAN.
I implemented a Firewall WAN and a NAT inbound Rule but I still cannot ping or ssh to the m0n0wall.

Any help is appreciated.

Sincerely,
F. Bunjes
« Reply #1 on: April 03, 2007, 20:49:32 »
LifeBoy *
Posts: 13

You need an inbound rule to allow inbound traffic that you want to accept for each protocol. You probably need multiple rules.

Start with a new inbound NAT rule and allow ICMP from the WAN port to a server inside the LAN network. If you don't want anyone to "see" this server by pinging it, then specify the specific host that you want to ping from and therefore only allow that host to ping your "inside" server. Make sure you tick the "Auto-add a firewall rule to permit traffic through this NAT rule" box at the bottom of the add NAT rule screen, otherwise you will have to create a firewall rule manually!

You will have to explicitly tell m0n0wall about each protocol or protocol-group that you want to allow access for in the same way as for ICMP above.

Make sure you understand what this whole routing, NAT'ing, etc. is about, otherwise you'll be exposing yourself and may open up traffic from outside in a way that will compromise your security (and negate the whole point of the firewall in the first place).

Hope that helps.
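
Added example (not part of the forum posts and not m0n0wall code): a simplified Python model of the point made in the reply above, that an inbound connection needs both a NAT rule and a WAN firewall rule, and that narrowing the rule's source limits who can reach the LAN host. The rule classes, the addresses and the default-deny evaluation are assumptions of this model, not m0n0wall's configuration format.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class NatRule:            # inbound port forward on the WAN interface
    proto: str
    ext_port: int
    target: str           # LAN host that receives the traffic
    local_port: int

@dataclass
class PassRule:           # WAN filter rule; anything unmatched is dropped
    proto: str
    source: str           # CIDR allowed to connect, "0.0.0.0/0" = anyone
    dest: str
    dest_port: int

def evaluate(nat_rules, pass_rules, proto, src_ip, dst_port):
    """Return (verdict, detail) for a packet arriving at the WAN address."""
    nat = next((n for n in nat_rules
                if n.proto == proto and n.ext_port == dst_port), None)
    if nat is None:
        return ("drop", "no inbound NAT rule for this protocol/port")
    src = ipaddress.ip_address(src_ip)
    for r in pass_rules:
        # Assumption of this model: the filter sees the translated destination
        if (r.proto == proto and r.dest == nat.target
                and r.dest_port == nat.local_port
                and src in ipaddress.ip_network(r.source)):
            return ("forward", f"{nat.target}:{nat.local_port}")
    return ("drop", "NAT rule matched, but no WAN firewall rule permits it")

# Constructed sample values (documentation address ranges, hypothetical LAN host)
NAT = [NatRule("tcp", 22, "192.168.1.10", 22)]
OPEN = [PassRule("tcp", "0.0.0.0/0", "192.168.1.10", 22)]
RESTRICTED = [PassRule("tcp", "203.0.113.5/32", "192.168.1.10", 22)]

if __name__ == "__main__":
    for label, rules in (("no filter rule", []), ("any source", OPEN),
                         ("single admin host", RESTRICTED)):
        for src in ("203.0.113.5", "198.51.100.77"):
            print(label, src, evaluate(NAT, rules, "tcp", src, 22))
```

The "no filter rule" case corresponds to creating the NAT rule without the auto-added firewall rule; the "single admin host" case corresponds to restricting the rule's source to one known address.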