Firewall/NAT

Hello,

I have a cosmetic problem.

I run m0n0wall on a VM in a datacenter.
Simple 10.0.0.0 internal network and 20 IPv4 Adresses on the WAN side. Several Port Forwardings.

Everything works fine!

Here's the problem.
I can ping only the main WAN IPv4 Adress from the WAN side.
When I ping the other WAN IPv4 Adresse I get an answer from the Main IPv4 Adress that the host can not be reached.

Any Ideas?

Ping wird ausgeführt für 46.38.227.78 mit 32 Bytes Daten:
Antwort von 46.38.227.99: Zielhost nicht erreichbar.

Stefan

Have you allowed and forwarded ICMP?  Note that ICMP can only be forwarded with 1 to 1 NAT.

Have you allowed and forwarded ICMP?  Note that ICMP can only be forwarded with 1 to 1 NAT.

Hello,

think so, these are my first two rules on WAN
*    RFC 1918 networks    *    *    *    Block private networks
ICMP    *    *    *    *    PING 

This is my only rule on LAN
    *    LAN net    *    *    *    Default LAN -> any 

Stefan

So, that will allow you to ping the WAN IP.  Now how are you resolving the other IP addresses?  Are you using 1 to 1 NAT?

So, that will allow you to ping the WAN IP.  Now how are you resolving the other IP addresses?  Are you using 1 to 1 NAT?

Hello,

I entered the others IPs on the "Server NAT" because these are single IPs no ranges.

Stefan

OK.  The firewall is the gate, but NAT is the road.  For ping to work, you have to NAT icmp, as well as TCP/IP.  But 1 to 1 NAT is the only way I know to do that.  Server based NAT is 1 to many, and it has no way of knowing where to send ICMP.