All,
I am unable to get SERVER NAT working. I have been fighting this issue for some time and need some help.
Here is my config for review; I hope something jumps out and is obvious.
Inbound NAT on the inbound WAN interface works as expected, but the inbound 203 interface does not.
Machine: PentIII 1000 256mg RAM Version 1.3b16
Thanks in advance.
Sincerely, Kulmacet
<?xml version="1.0"?>
<m0n0wall>
  <version>1.8</version>
  <lastchange>1253752831</lastchange>
  <system>
    <hostname>firewall1</hostname>
    <domain>xxxxxxx.com</domain>
    <username>admin</username>
    <password>xxxxx</password>
    <timezone>Etc/UTC</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>2.m0n0wall.pool.ntp.org</timeservers>
    <webgui>
      <protocol>http</protocol>
      <port/>
      <certificate/>
      <private-key/>
    </webgui>
    <dnsserver>172.16.1.30</dnsserver>
    <harddiskstandby/>
  </system>
  <interfaces>
    <lan>
      <if>fxp0</if>
      <ipaddr>172.16.1.1</ipaddr>
      <subnet>24</subnet>
      <media/>
      <mediaopt/>
    </lan>
    <wan>
      <if>fxp1</if>
      <blockpriv/>
      <media/>
      <mediaopt/>
      <spoofmac/>
      <ipaddr>xx.xx.xx.202</ipaddr>
      <subnet>24</subnet>
      <gateway>xx.xx.xx.1</gateway>
    </wan>
  </interfaces>
  <staticroutes/>
  <pppoe/>
  <pptp/>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
    <host/>
    <mx/>
    <server/>
    <port/>
  </dyndns>
  <dnsupdate/>
  <dhcpd>
    <lan>
      <range>
        <from>192.168.1.100</from>
        <to>192.168.1.199</to>
      </range>
    </lan>
  </dhcpd>
  <pptpd>
    <mode/>
    <nunits>16</nunits>
    <redir/>
    <localip/>
    <remoteip/>
  </pptpd>
  <dnsmasq>
    <enable/>
  </dnsmasq>
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag/>
  <bridge/>
  <syslog/>
  <nat>
    <advancedoutbound/>
    <servernat>
      <ipaddr>xx.xx.xx.203</ipaddr>
      <descr>203</descr>
    </servernat>
    <portrange-low/>
    <portrange-high/>
    <rule>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>172.16.1.97</target>
      <local-port>22</local-port>
      <interface>wan</interface>
      <descr>ssh -></descr>
    </rule>
    <rule>
      <external-address>xx.xx.xx.203</external-address>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>172.16.1.98</target>
      <local-port>22</local-port>
      <interface>wan</interface>
      <descr>203->ssh</descr>
    </rule>
  </nat>
  <filter>
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
    <rule>
      <type>pass</type>
      <descr>Default IPsec VPN</descr>
      <interface>ipsec</interface>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>172.16.1.97</address>
        <port>22</port>
      </destination>
      <descr>NAT ssh -></descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>172.16.1.98</address>
        <port>22</port>
      </destination>
      <descr>NAT 203->ssh</descr>
    </rule>
    <tcpidletimeout/>
  </filter>
  <shaper/>
  <ipsec>
    <dns-interval/>
  </ipsec>
  <aliases/>
  <proxyarp>
    <proxyarpnet>
      <interface>wan</interface>
      <network>xx.xx.xx.0/24</network>
      <descr>WAN subnet</descr>
    </proxyarpnet>
  </proxyarp>
  <wol/>
</m0n0wall>