Firewall/NAT

I am trying to setup NAT to allow me to access my Wireless Access Points Remotely.
I am using 1.3

Here is the setup

AP1 through AP5 are on the  public Interface (OPT1) there is also Captive Portal on this Interface

I have tried NATing

WAN TCP 1234 172.0.1.1 80(HTTP) AP1 Remote Admin
WAN TCP 1235 172.0.1.2 80(HTTP) AP2 Remote Admin
etc

Remotely accessed by

http://X.X.X.X:1234
http://X.X.X.X:1235
etc


I have tried this with the CP on and off also i have tried allowing the "Allowed IP addresses" to and from for these AP's

What am i doing wrong???

Have you permitted the traffic through you ip rules too ?

I setup the NAT rules and just clicked on "Auto-add a firewall rule to permit traffic through this NAT rule"

Is there a specific rule i need to add or is this sufficient

I had the same problem accessing them from a pptp vpn when they were on a CP subnet.  Add the IP address for the AP into the allowed IPs for the Captive portal.

I was just going to post that connecting via PPTP works fine. But i can not understand why the NAT and Firewall rules are not working to forward to this. Essentially it is like forwarding a made up external port (2001 in my example) to an internal web server in the AP.

Strange???

I looked at the Log and it shows a green arrow and the attempt at the connection. Is this showing that the Firewall let the connection pass? Maybe it is something to do with the access port and the fact that my PC has my ip form the current remote network i am on and not the local IP of the network i am connecting to. As i said when i have an ip from the VPN connection it works fine.

Hmmmmmmmmm

sounds like it should work, and yes, the green entry indicates it did pass the traffic through.

do the AP's have a route back to you ?

Route back to you?? I don't under stand. Can you elaborate a bit

thanks

are these real access points or wireless routers?  if the later, they most likely don't have a way to specify a default gateway.

Roy...

yes.  Maybe the AP can't return the packet.  Have you set a default gateway on the AP pointing to m0n0wall

consider adding a rule to log allowing the ap packets back to you .

I tried all versions of firewall rules to get access to AP's WebGUI behind the CP from secured/office subnet. No chance to connect! It's only working when you a allow traffic from the IP of the AP to anywhere on the Captive Portal setting page. I haven't tried if all users can pass the CP when this rule is activated.
Or did I something wrong?

that makes sense though. in your setup traffic from the ap can only go through  m0n0wall back to you if the captive portal allows it.

opening for your ap should mean that ap users are allowed through though

An access point doesn't do NAT.  With the AP traffic allowed through, it doesn't then allow client traffic through without authenticating.  It would if it was a wireless router which was using NAT, not for a simple AP though.

yes, my should , should have read shouldn't :-)

opening for your ap shouldn't mean that ap users are allowed through though