Topic: Filtering bridge and NAT
« on: January 20, 2013, 12:42:50 »
alexanderfoti *
Posts: 6

Hi all

Pulling my hair out with one here.

I have a monowall (1.33) that is a filtering bridge and is also doing NAT.

The filtering bridge is as such:

WAN GW - 1.2.3.177
Monowall WAN interface - 1.2.3.178
server1 - 1.2.3.179

WAN is bridged with opt1, which is connected to server1.

The LAN is 10.0.1.254 and is NATing. I have another server running on 10.0.1.2 that has a NAT rule from the WAN address to port 80.

Monowall LAN - 10.0.1.254
server 2 LAN - 10.0.1.2

Now my issue.

If I create a WAN rule for port 80 from Any -> 1.2.3.179, it doesn't work. There are no errors in the logs, but if I tcpdump on server1, I get:

11:32:46.177766 IP 217.10.22.35.30009 > 10.0.1.2.www: Flags , seq 2123462689, win 8192, options [mss 1452,nop,nop,sackOK], length 0

Now that is the server with the EXTERNAL IP address, which is part of the filtering bridge, so why is it seeing the traffic for 10.0.1.2?

If I disable the NAT rule for 80 to 10.0.1.2 from the wan address, then the filtering bridge rule works correctly.

I have 3 other systems set up like this and can reproduce it on all of them.

Any ideas?

« Last Edit: January 20, 2013, 15:03:24 by alexanderfoti »
« Reply #1 on: January 20, 2013, 16:16:35 »
Fred Grayson *****
Posts: 994

I am sure someone will correct me if I am wrong, but I don't think a filtering bridge and NAT services are compatible. The LAN interface is typically used to do the initial configuration and is then disabled.

--
Google is your friend and Bob's your uncle.
« Reply #2 on: January 20, 2013, 16:18:55 »
alexanderfoti *
Posts: 6

I doubt that would be the case, otherwise you would not be able to set rules on the monowall with no access to the GUI :)
« Reply #3 on: January 20, 2013, 17:49:39 »
Fred Grayson *****
Posts: 994

> I doubt that would be the case, otherwise you would not be able to set rules on the monowall with no access to the GUI :)

Not true. You can access the GUI from the WAN with the appropriate rule.

--
Google is your friend and Bob's your uncle.
« Reply #4 on: January 20, 2013, 17:51:22 »
alexanderfoti *
Posts: 6

Ah yes, fair enough.

This is on a remote VMware server, so it may pose an issue if NAT can't be used simultaneously, as I would then not be able to access the VMware management etc.
 