Topic: Main WAN IP plus added Server NAT IPs - doesn't work  (Read 1384 times)
« on: December 12, 2012, 13:41:15 »
spimfurt *
Posts: 2

I found this in the documentation: http://doc.m0n0.ch/handbook/firewall-servernat.html and it looks simple. I also googled many forums, but my skills or understanding capacity aren't enough.
I have more than one WAN address available to use. Sixteen, with gateway and broadcast.

Structure of my network is simple:

internet <-> [m0n0WAN (default one WAN IP) <-> m0n0LAN] <-> LAN (10.0.0.0/24)

Inside my LAN I have 3 webservers, and the goal is for each of them to serve (accept requests and reply to requests) on its own WAN at port 80 through this one m0n0wall router.
Current state is: 3 different ports on one WAN IP (ex. 80, 88, 89) translated by NAT to port 80 on each webserver.

Then I added one Server NAT WAN IP. Then I created a NAT record (this WAN IP at port 80 translates to this LAN IP port 80). Then I checked whether it works from the internet. Nothing happened.

The desired state, as I see it, is the following:

internet - m0n0wall default WAN      1.2.3.4:80---NAT/Rule---m0n0wall LAN (10.0.0.1) ----- Webserver1 (10.0.0.2:80)
           m0n0wall Server NAT WAN   1.2.3.5:80---NAT/Rule---m0n0wall LAN (10.0.0.1) ----- Webserver2 (10.0.0.3:80)
           m0n0wall Server NAT WAN   1.2.3.6:80---NAT/Rule---m0n0wall LAN (10.0.0.1) ----- Webserver3 (10.0.0.4:80)

Just with two network cards. One for WAN one for LAN.

What am I missing? I have created a secondary WAN IP via the Server NAT option, I have a NAT record with the conditions from the guide above, and I have the automatically added rule in the inbound NAT list. I'm using ver. 1.34. I have one IPSec tunnel.

Thanks for reply. Spimfurt
« Reply #1 on: December 13, 2012, 23:57:33 »
ThePacketSlinger *
Posts: 3

Did you change the source port numbers in your firewall rules for 10.0.0.2/3/4? You're right, everything looks correct here, that was the only thing you didn't mention.
« Reply #2 on: December 14, 2012, 00:25:25 »
spimfurt *
Posts: 2

Quote from: ThePacketSlinger on December 13, 2012, 23:57:33
Did you change the source port numbers in your firewall rules for 10.0.0.2/3/4? You're right, everything looks correct here, that was the only thing you didn't mention.

I left the old ones there and added new ones.
ex.:
Old (left in settings)
Inbound NAT entry:
IF WAN    Proto TCP    Ext. port range 88    NAT IP 10.0.0.3    Int. port range 80(HTTP)
FW Rules:
Proto TCP    Source *    Port *    Destination 10.0.0.3   Port 80 (HTTP)

New added after Server NAT IP was added too:
Inbound NAT entry:
IF WAN    Proto TCP    Ext. port range 80 (HTTP)   NAT IP 10.0.0.3 (ext.:1.2.3.5)    Int. port range 80(HTTP)
FW Rules:
Proto TCP    Source *    Port *    Destination 10.0.0.3   Port 80 (HTTP)

The FW rule, automatically generated from the NAT entry form, is exactly the same as the old one. I'm not sure right now, but I possibly never tried to delete the old NAT entry and rule and then create new ones. I was hoping they could coexist and the webserver could be accessible by both ways and WAN IPs. This router has many rules and NAT records; I've been using it for 7 years, but always with only one IP.

Well, do you see anything wrong? And sorry for my English.

Thanx, Spimfurt
« Last Edit: December 14, 2012, 00:27:42 by spimfurt »
 