Topic: outgoing NAT on inbound session??
« on: February 04, 2009, 12:20:46 »
hmann *
Posts: 1

Hello monowall devs and users,

I found a rather odd NAT behaviour in the recent beta (1.3b15).
When I have inbound traffic from the internet to an inside official net (so no inbound NAT here) the traffic
gets answered, but the outbound traffic is NATted to the external interface's IP..
More "graphical":
[testPC 1.1.1.10]--[1.1.1.1 WAN monowall LAN 2.2.2.1]--[2.2.2.10 testserver]
the testpc has a route to 2.2.2.0/24 via 1.1.1.1.
If the testpc now pings 2.2.2.10, it will get an answer, but the answer says it is coming from 1.1.1.1(!).
That should not happen since the incoming ICMP creates a session, which the outgoing reply should trigger
and so there's no nat to be expected.. at least in my opinion.. :-)
As long as there is a NAT rule from LAN to WAN the behaviour is as described. The same goes for any other traffic
type, so e.g. a TCP session is impossible.
So why do I NAT at all, if everything is official? Yeah right.. It is a training environment, so it is fake official.
We always connect from the untrust side but sometimes have to connect to the internal PCs to show outbound
NAT behaviour of some applications. And this fails..

So.. is it my mistake or something weird in the NATing code?

Regards,
Marc
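
An added example, not part of the original post: a small check that can be run over a capture taken on the test PC to confirm the symptom described above, by pairing ICMP echo requests with replies and flagging any reply whose source address is not the address that was pinged. The capture lines are constructed from the topology in the post, and the function name is hypothetical.

```python
import re

# Constructed tcpdump-style lines as the test PC (1.1.1.10) would see them;
# built from the topology in the post, not taken from a real capture.
SAMPLE_CAPTURE = """\
12:00:00.000100 IP 1.1.1.10 > 2.2.2.10: ICMP echo request, id 4660, seq 1, length 64
12:00:00.000900 IP 1.1.1.1 > 1.1.1.10: ICMP echo reply, id 4660, seq 1, length 64
12:00:01.000100 IP 1.1.1.10 > 1.1.1.1: ICMP echo request, id 4661, seq 1, length 64
12:00:01.000400 IP 1.1.1.1 > 1.1.1.10: ICMP echo reply, id 4661, seq 1, length 64
12:00:02.000100 IP 1.1.1.10 > 2.2.2.10: ICMP echo request, id 4660, seq 2, length 64
"""

LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def find_rewritten_replies(capture_text):
    """Return (findings, unanswered) for the ICMP echo traffic in the text.

    findings: replies whose source differs from the pinged address, which is
    what source NAT applied to the reply looks like from the client side.
    unanswered: (id, seq) keys of requests that never got a matching reply.
    Pairing assumes the ICMP id and seq survive the path unchanged.
    """
    pending = {}   # (id, seq) -> (client address, pinged address)
    findings = []
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ICMP echo line
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            pending[key] = (m["src"], m["dst"])
            continue
        request = pending.pop(key, None)
        if request is None:
            continue  # reply with no request in this capture
        client, target = request
        if m["dst"] == client and m["src"] != target:
            findings.append({"id": key[0], "seq": key[1],
                             "expected_src": target, "actual_src": m["src"]})
    return findings, sorted(pending)

if __name__ == "__main__":
    rewritten, unanswered = find_rewritten_replies(SAMPLE_CAPTURE)
    for f in rewritten:
        print("reply id=%(id)d seq=%(seq)d came from %(actual_src)s, "
              "expected %(expected_src)s" % f)
    print("unanswered:", unanswered)
```
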
 