Topic: Access Web Server Using External IP (linking to internal port forward)  (Read 2995 times)
« on: April 29, 2013, 08:36:48 »
g10 *
Posts: 4

I have my website port 80 forwarding to a local web server IP address, say 192.168.1.2; monowall is 192.168.1.1.
When I access the website from the outside net (HOME), my server loads like normal.
But when I access my (office) static ext IP address from inside my office local workstation, the monowall GUI login shows. OK, so I changed this to port 423.
Now the strange part: the page shows as unable to load.
I have a webpage and program that works just fine accessing from outside the network (offsite), but it doesn't work when in the network; otherwise I would just use the local 192.168.1.2 (but that cannot be used as I have to use the ext IP address).
I have LAN and WAN accessing and a NAT rule for port 80 to pass (allow), but it still doesn't work. Is this a BUG?
thanks
Jack
« Last Edit: April 07, 2014, 04:21:38 by g10 »
« Reply #1 on: April 29, 2013, 16:35:47 »
Fred Grayson *****
Posts: 994

It's not a bug. If you look at the bottom of the Firewall: NAT: Inbound page, you will find the following:

Note:
It is not possible to access NATed services using the WAN IP address from within LAN (or an optional network).



--
Google is your friend and Bob's your uncle.
« Reply #2 on: April 29, 2013, 20:35:39 »
g10 *
Posts: 4

What about creating an ipfilter or iptable using the command button via the /exec.php page?
Any insight on how to use it in monowall? I'm good in Linux, just new to monowall (syntax).
Is that possible?
thanks
James
« Reply #3 on: April 29, 2013, 20:57:24 »
Fred Grayson *****
Posts: 994

I am not aware of any way you can manually configure rules that solve the inability of m0n0wall to perform the NAT reflection required to make this work.

There are at least two ways to work around the problem.

1) On each LAN PC that needs to reach the local web server, create a hostname and private IP entry in the hosts file. To reach the web server use the hostname.

2) Enable the Services: DNS forwarder in m0n0wall, and add an override entry (as above) in the forwarder table. For this to work, your PCs must specify the m0n0wall LAN IP as the DNS server specification and you must provide or allow for DNS servers on the System: General setup page.


--
Google is your friend and Bob's your uncle.
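
A way to confirm either workaround from a LAN PC, as an added example that is not part of the original thread: it parses hosts-file text and classifies the address a name resolves to. The WAN address, hostnames and function names are assumptions made for illustration; the LAN range follows the 192.168.1.x addresses used in the first post.

```python
import ipaddress
import socket
import sys

# Constructed sample values: the LAN matches the thread's 192.168.1.x example,
# the WAN address is a documentation-range placeholder, not a real host.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WAN_IP = ipaddress.ip_address("203.0.113.10")


def parse_hosts(text):
    """Map each hostname/alias in hosts-file text to its IP address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)  # first entry wins
    return table


def classify(addr, lan_net=LAN_NET, wan_ip=WAN_IP):
    """Say whether an answer seen by a LAN client avoids the WAN IP."""
    addr = ipaddress.ip_address(addr)
    if addr in lan_net:
        return "ok-internal"   # override is in effect
    if addr == wan_ip:
        return "wan-ip"        # LAN client would hit the NAT limitation
    return "unexpected"


def check_name(name, resolver=socket.gethostbyname):
    """Resolve name as this machine sees it and classify the answer."""
    return classify(resolver(name))


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"
    print(host, check_name(host))
```

Run on a LAN PC, a result of `wan-ip` means the hosts entry or forwarder override is not being used by that machine.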
« Reply #4 on: March 20, 2014, 06:45:27 »
chro4@aol.com *
Posts: 3

This issue, which is a BUG, needs more resources trying to fix this.  A Sonic Wall router or the like can do this without extras.  This is something a ROUTER should be able to do natively.  Let's get some minds on this and figure out a simple way to make this work.

I want to do just this but I cannot access my Web Server or Email server at my Static IP, which has a Parked Domain name pointing to the Public IP.  I can understand if this was a dynamic DNS.

I use a laptop on and off site so a hostname file is not a fix for this.  DNS Forwarding might work but I think there is a cleaner way to do this.

K.I.S.S. = Thing:  Never to be given to others who can not start to navigate around a calculator.
« Reply #5 on: March 20, 2014, 14:29:07 »
Fred Grayson *****
Posts: 994

This is not a bug. It is a limitation of the ipfilter implementation within FreeBSD that m0n0wall is based on.

--
Google is your friend and Bob's your uncle.
« Reply #6 on: March 20, 2014, 20:07:26 »
Lee Sharp *****
Posts: 517

What you are talking about is a feature called port reflection, and it is not something m0n0wall supports.  This was done by choice as it does break things.  (It was decided to not support zero-ip config for the same reasons)  Instead, simply set up the internal DNSmasq to point to the internal address, while the public DNS points to the external address.
« Reply #7 on: March 25, 2014, 14:48:07 »
brushedmoss ****
Posts: 446

It actually is possible to achieve what you want; the docs are a little outdated.

The 'correct' way to set up a server is to put it in a DMZ. So in m0n0wall have a third NIC (physical or VLAN) and use it for your server. A DMZ is the 'correct' setup as you have different levels of access lists, so if your server is compromised they don't get full access to your LAN.  See rationale: http://en.wikipedia.org/wiki/DMZ_(computing)

If you take a DMZ approach, you can NAT from LAN to DMZ based on the external IP, so anyone on LAN accessing the public IP will work as you wish.  (Create a NAT rule, set source to be LAN and address to be WAN interface.)

As Fred and Lee have said, ipfilter (used in m0n0wall) doesn't do what you want. http://doc.m0n0.ch/handbook/faq-lannat.html .  It's not really a bug, as it was never expected to work and therefore isn't broken; it's actually a feature request for ipfilter
http://www.phildev.net/ipf/IPFprob.html#prob8
« Last Edit: March 25, 2014, 14:54:01 by brushedmoss »