Topic: Weird NAT behaviour
« on: January 14, 2009, 17:11:41 »
harhan
Posts: 3

I'm using the M0n0wall Captive Portal inside a private network (MPLS/IPVPN) to provide guest internet access over WLAN. On the WAN interface I've turned off "Block private networks" since some traffic originating from private addresses will go through the firewall. The Captive Portal is used on the LAN interface, and on the Opt1 interface I'm putting the management net for the WLAN APs (separate management VLAN).
My trouble is that, even if I'm routing the APs' management net, M0n0wall is NAT-ing the reply.
See the following capture with wireshark:
1   0.000000   192.168.48.131   10.199.96.10   ICMP   Echo (ping) request
2   0.007909   172.19.120.40   192.168.48.131   ICMP   Echo (ping) reply

This should have been:
1   0.000000   192.168.48.131   10.199.96.10   ICMP   Echo (ping) request
2   0.007909   10.199.96.10   192.168.48.131   ICMP   Echo (ping) reply

The only way to solve this is by creating advanced outgoing NAT-rules like these, but it is not a long term solution:
WAN    10.199.96.0/24    ! 192.168.0.0/16    *
WAN    10.199.98.0/23    *                   *

Is this a bug? The state of any session should be remembered. The NAT-rules for outgoing traffic should not apply on incoming sessions, this is common sense in my opinion...

By the way, 10.199.96.0/24 is WLAN-AP management, 10.199.98.0/23 is the guest network.
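As an added illustration (not from the original post, and not m0n0wall code), the check below pairs each echo reply in a Wireshark-style text capture with the request it answers and flags any reply whose source differs from the address the request was sent to, which is exactly the symptom in the capture above; the sample lines are constructed in the same column layout as the quoted capture.

```python
"""Flag ICMP echo replies whose source was rewritten on the return path.

A stateful firewall should return a reply from the address the request was
sent to. This helper pairs replies with outstanding requests (oldest first,
since summary lines carry no ICMP id) and reports mismatches.
"""
from typing import Dict, List, Tuple

# Constructed sample in the layout: frame, time, source, destination, proto, info.
# Frames 1-2 reproduce the mis-NATed exchange; frames 3-4 are a correct one.
CAPTURE = """\
1   0.000000   192.168.48.131   10.199.96.10   ICMP   Echo (ping) request
2   0.007909   172.19.120.40   192.168.48.131   ICMP   Echo (ping) reply
3   1.000000   192.168.48.131   10.199.98.20   ICMP   Echo (ping) request
4   1.004000   10.199.98.20   192.168.48.131   ICMP   Echo (ping) reply
"""


def parse_summary(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (frame, src, dst, info) for every ICMP line in the summary."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6 or parts[4] != "ICMP":
            continue
        rows.append((int(parts[0]), parts[2], parts[3], parts[5].strip()))
    return rows


def find_rewritten_replies(text: str) -> List[Dict[str, str]]:
    """Return one finding per reply whose source != the matching request's dst."""
    pending: Dict[str, List[Tuple[int, str]]] = {}  # requester -> [(frame, dst)]
    findings: List[Dict[str, str]] = []
    for frame, src, dst, info in parse_summary(text):
        if info.endswith("request"):
            pending.setdefault(src, []).append((frame, dst))
        elif info.endswith("reply") and pending.get(dst):
            # The reply's destination is the original requester; pop its oldest request.
            req_frame, expected_src = pending[dst].pop(0)
            if src != expected_src:
                findings.append({"request_frame": str(req_frame), "reply_frame": str(frame),
                                 "expected_src": expected_src, "actual_src": src})
    return findings


if __name__ == "__main__":
    for f in find_rewritten_replies(CAPTURE):
        print("reply in frame %(reply_frame)s came from %(actual_src)s, "
              "expected %(expected_src)s (request frame %(request_frame)s)" % f)
```

Pairing by requester alone is a heuristic for summary text; on a pcap the ICMP identifier and sequence number give an exact match.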