Firewall/NAT

Hello everybody I need your help after reading lots of tutorials and guides. That's my home setup:

D Link ADSL modem/router ---> PC ---> m0n0wall router ---> INTERNET

LAN= 192.168.1.100 DHCP DISABLED
WAN= DHCP

Even if I set everything as it's written in the guides I read I can't get an open nat on both my consoles (XBOX and PS3). It's like the ports are not forwarded but they are (inbound and outbound rules created on m0n0wall).

May you please tell me what could be the problem?

The consoles can navigate on the internet btw, the problem is only the NAT.

Could it be the fact that there are 2 router before acceding the internet?


Thanks in advance

So, is the Dlink trying to do DHCP and NAT?  With dual NAT you will have issues.  You network also seems a bit needlessly complex.

Hi

I'll explain to you. I need m0n0wall to use its traffic shaping functions 'cus my router don't have 'em. And yes, the D Link use DHCP and NAT, could it be this the problem? How can I fix it?

Thanks 

Your network diagram makes no sense to me.

Can you tell me why?

This probably what you meant:

 INTERNET ---> D Link ADSL modem/router --->  m0n0wall router --->PC


You should put your modem/router into bridge mode and let m0n0wall take the public IP address.

Your network diagram didn't make sense to me either. The diagram Fred Grayson posted is probably what you have. Your ADSL modem/router is probably causing issues. You should allow only m0n0wall to provide the firewall, routing, DHCP etc. You will need to disable all routing that the ADSL modem/router is doing and have it pass through all the info to m0n0wall to do all the processing. So you would set your ADSL modem/router to bridge mode like Fred Grayson said.

I have an Xbox 360 that I was having issues with on Xbox Live. I would have either a strict or moderate NAT. The only way I was able to fix this in m0n0wall was to set it up so all outgoing ports were static instead of randomized.

It makes sense to me, now.  And it will not work as you intend.

You have all of you users connecting to the d-link.  It is aggregating them all behind one IP address (NAT) and passing it to m0n0wall for traffic shaping.  Since it is all the same IP, it is all the same priority, and you no longer can share bandwidth evenly.  (However, you can prioritize traffic)  I recommend dumping the d-link, or at least making it as stupid as possible. (No DHCP, no NAT, no WAN, just a AP and switch)  Let m0n0wall do thew DHCP and NAT and then m0n0wall will actually see individual clients and have some control.

Thanks everyone, you've been very helpful! Only one last question, after having transformed my D Link into a bridge (modem only) do I have to setup a static route inside it or I am able to go just by configuring m0n0wall?

Thanks again guys !

There is nothing to configure in a bridged modem, it does not operate at the IP layer.

Ok, one last question I SWEAR XD.
I have a PPPoE connection, so do I have to insert username and password in the Wan interface inside m0n0wall? I think yes, but I'd want a confirm...


Thx again 4 everything

Yes. Configure m0n0wall WAN interface for PPPoE and provide your username and password.