Version 1.32
WAN address: W.W.W.W/30 (public IP)
DMZ address: D.D.D.D/29 (public IPs)
LAN address: L.L.L.L/24 (private IPs)
When I create an inbound NAT rule using the WAN Interface Address to a LAN subnet server, m0n0wall generates an ipnat rule like the following:
rdr rl0 0.0.0.0/0 port 80 -> L.L.L.X port 80 tcp
This is a bug. It causes the router to NAT all requests, even for IP addresses that are not the WAN Interface Address (DMZ IPs!). It should be creating a rule like so:
rdr rl0 W.W.W.W/32 port 80 -> L.L.L.X port 80 tcp
My workaround is to never use the WAN interface address for NAT when you have public IPs on the DMZ.
I always wondered if that was a bug or not. But yeah, I've seen that for years. Thought maybe that's just how m0n0wall works, but perhaps it is a bug in the sense that it seems logical that only the NAT rule would apply to the single IP you set it for rather than all of them.
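
An added example, not part of either post and not m0n0wall's own code: a small audit that parses rdr lines of the form quoted above and reports which routed public hosts a rule would redirect besides the WAN address. The addresses are constructed stand-ins from documentation ranges for W.W.W.W, D.D.D.D and L.L.L.X, and the helper names are hypothetical.

```python
import ipaddress
import re

# Matches only the simple ipnat redirect form quoted in the thread:
#   rdr <iface> <dst>/<mask> port <p> -> <target> port <p> <proto>
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<dst>\S+)\s+port\s+(?P<dport>\d+)\s+->\s+"
    r"(?P<target>\S+)\s+port\s+(?P<tport>\d+)\s+(?P<proto>\S+)$"
)

def parse_rdr(line):
    """Parse one rdr line into a dict; 'dst' becomes an ip_network."""
    m = RDR_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a simple rdr rule: {line!r}")
    rule = m.groupdict()
    rule["dst"] = ipaddress.ip_network(rule["dst"], strict=False)
    return rule

def hijacked_hosts(rule, wan_ip, routed_nets):
    """Hosts in routed_nets that match the rule's destination but are not the WAN IP."""
    wan = ipaddress.ip_address(wan_ip)
    hit = []
    for net in map(ipaddress.ip_network, routed_nets):
        hit.extend(h for h in net.hosts() if h != wan and h in rule["dst"])
    return hit

def audit(lines, wan_ip, routed_nets):
    """Map each over-broad rule line to the routed hosts it would also redirect."""
    findings = {}
    for line in lines:
        hit = hijacked_hosts(parse_rdr(line), wan_ip, routed_nets)
        if hit:
            findings[line] = hit
    return findings

# Constructed sample values (assumptions, not from the thread).
WAN_IP = "203.0.113.2"            # stands in for W.W.W.W
DMZ_NETS = ["198.51.100.8/29"]    # stands in for D.D.D.D/29
GENERATED = "rdr rl0 0.0.0.0/0 port 80 -> 192.168.1.10 port 80 tcp"
EXPECTED = "rdr rl0 203.0.113.2/32 port 80 -> 192.168.1.10 port 80 tcp"

if __name__ == "__main__":
    for rule_line, hosts in audit([GENERATED, EXPECTED], WAN_IP, DMZ_NETS).items():
        print(f"{rule_line}\n  also redirects: {', '.join(map(str, hosts))}")
```

Only the 0.0.0.0/0 rule is reported; the /32 form leaves every DMZ host untouched.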