Topic: Regular NAT, or PAT, active as default?
« on: June 21, 2008, 15:03:23 »
Seb74 ***
Posts: 115

I've only tried quickly with one PC on the LAN interface, since I haven't got my 8-port GB switch yet, so I couldn't try whether more hosts behind it would work by default.

That's why I ask if PAT is running by default, or is it only static NAT (seems to be called 1:1 NAT here), meaning one outside IP translates to one internal IP, meaning only one PC on the LAN will work.

Anyway, can you enable/disable PAT if you for some reason wouldn't want it?
The handbook doesn't say much there... maybe it's self-explanatory; I don't have the router connected yet.

Thanks
« Reply #1 on: June 21, 2008, 16:07:14 »
Seb74 ***
Posts: 115

...
« Last Edit: June 23, 2008, 11:24:19 by Seb74 »
« Reply #2 on: June 21, 2008, 17:00:10 »
Seb74 ***
Posts: 115

I found some more info on this (guess I'm just bad at finding my way around in the handbook).

It SEEMS that outbound NAT is actually Port Address Translation???

By default it's enabled for all interfaces with RFC1918 addresses, I guess, or something like that.
But if you enable Outbound NAT you disable it everywhere, and then you have to enable it manually with rules under Outbound NAT, like for example "192.168.0.0/24 are supposed to have PAT enabled so all PCs there can browse the web with the one public IP", and then you just add that as a rule, while maybe leaving OPT1 or other interfaces without any PAT.

That's it, did I nail it finally?

EDIT: If I'm right, it would be nice to know if it port-translates between all interfaces, or just when going through the WAN? Probably don't want PAT running when talking from LAN to OPT1, for example...
« Last Edit: June 21, 2008, 17:20:31 by Seb74 »
« Reply #3 on: June 22, 2008, 06:36:20 »
knightmb ****
Posts: 341

I wasn't exactly sure what to make of all the posts, but I'll answer the questions, I think they were questions?

You can always enable/disable 1:1 NAT anytime you wish; it all works on the fly as soon as you apply the settings.

You can map a single WAN IP to a single machine on the LAN or multiple machines on the LAN using 1:1 NAT.

1:1 basically is like a "DMZ" setup in which all packets from a single WAN IP are forwarded to single/multiple clients on the LAN.

For 1:1 NAT to work you need:
  • Static WAN IP
  • Proxy ARP if you have multiple WAN IPs on your link
  • Client(s) on your LAN to link to
  • Firewall rule enabling the ports that you want to allow through (be it all of them or just a few)
  • 1:1 NAT bypasses any "Advanced Outbound NAT" settings you may have set up

Screenshot below, I use 1:1 NAT for 2 machines on the network.


* m0n0wall 01.gif (12.64 KB, 581x212)

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #4 on: June 22, 2008, 08:00:59 »
Seb74 ***
Posts: 115

Thanks, and yes, I know the post was a mess because I asked first and read the handbook more thoroughly (spelling?) afterwards and it just got this way.

Anyway, it's mostly PAT, Port Address Translation, I was wondering about.
It's all got kind of special names here, so I want to make sure I really understand how it works.

It SEEMS that outbound NAT is actually Port Address Translation... right???
And if you enable Outbound NAT you disable it everywhere, and then you have to enable it manually with rules under Outbound NAT, like for example "192.168.0.0/24 are supposed to have PAT enabled so all PCs there can browse the web with the one public IP", and then you just add that as a rule, while maybe leaving OPT1 or other interfaces without any PAT.
Are my assumptions right?
And then, if no Outbound NAT is enabled, do you have Port Address Translation between ALL interfaces, or only when "speaking" outwards through the WAN interface?
« Reply #5 on: June 23, 2008, 09:27:26 »
knightmb ****
Posts: 341

I think that's right, basically Outbound NAT is as you said, "what WAN IP does a certain range use when accessing the Internet".

So if you had two WAN IPs, you could have half your range be 68.1.1.5 and the other half be 68.1.1.6 when they surf the web, use online games, etc. Any range or single PC that you don't specify won't be able to access the Internet because there will be no return path for the packets (it actually won't even send any packets either).

By default, everyone on the LAN shares the WAN IP of m0n0wall. If you enable Outbound NAT, all you can do is map a setting to the same WAN IP, so you don't really gain anything. The best use of it is when you have multiple WAN IPs and you want to control where all the clients "go out" on the Internet under your specified WAN IP.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
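
An added example, not part of the thread and not m0n0wall's own code: a small Python model of the outbound NAT behaviour described in the reply above, where each source range is mapped to one WAN IP with port translation and a host outside every range gets no mapping. The class name, the /25 split of the LAN, the 192.168.1.0/24 "unmapped" subnet and the starting port 20000 are assumptions made for illustration; the two WAN IPs are the ones used in the reply.

```python
import ipaddress

class OutboundPAT:
    """Toy model of outbound NAT with port translation (not m0n0wall code)."""

    def __init__(self, rules, first_port=20000):
        # rules: list of (source network, WAN IP); first match wins.
        self.rules = [(ipaddress.ip_network(n), w) for n, w in rules]
        self.next_port = {}   # WAN IP -> next free translated port
        self.out = {}         # (lan_ip, lan_port) -> (wan_ip, wan_port)
        self.back = {}        # (wan_ip, wan_port) -> (lan_ip, lan_port)
        self.first_port = first_port

    def translate(self, lan_ip, lan_port):
        """Return (wan_ip, wan_port) for an outgoing flow, or None if no rule matches."""
        key = (lan_ip, lan_port)
        if key in self.out:
            return self.out[key]
        addr = ipaddress.ip_address(lan_ip)
        for net, wan_ip in self.rules:
            if addr in net:
                port = self.next_port.get(wan_ip, self.first_port)
                self.next_port[wan_ip] = port + 1
                self.out[key] = (wan_ip, port)
                self.back[(wan_ip, port)] = key
                return self.out[key]
        return None  # no mapping: nothing is sent out, so no return path exists

    def reverse(self, wan_ip, wan_port):
        """Map a reply arriving on the WAN side back to the LAN host, if state exists."""
        return self.back.get((wan_ip, wan_port))

# Constructed sample: a /24 LAN split in halves across the two WAN IPs from the reply.
RULES = [("192.168.0.0/25", "68.1.1.5"), ("192.168.0.128/25", "68.1.1.6")]

def demo():
    pat = OutboundPAT(RULES)
    a = pat.translate("192.168.0.10", 50000)    # lower half of the LAN
    b = pat.translate("192.168.0.11", 50000)    # same source port, different host
    c = pat.translate("192.168.0.200", 50000)   # upper half of the LAN
    d = pat.translate("192.168.1.7", 50000)     # subnet with no rule (assumed)
    return a, b, c, d, pat.reverse(*b)

if __name__ == "__main__":
    print(demo())
```

Two hosts using the same source port end up on different WAN-side ports of the shared address, which is what lets the return traffic be told apart.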
« Reply #6 on: June 23, 2008, 11:26:59 »
Seb74 ***
Posts: 115

Yeah, that's probably correct, thanks.

It would still be nice to know if Port Address Translation is running between LAN->OPT and OPT->LAN, or if the default is only from every other interface through the one and only WAN (in such a setup).

Of course, might as well disable Outbound and enter your own simple rules in 2-3 statements, but strange I don't see it mentioned in the handbook which interfaces PAT by default.
 