Topic: GUI Access from different subnet - Part 2  (Read 3617 times)
« Reply #15 on: November 16, 2013, 12:46:20 »
mongo *
Posts: 15

The firewall rules are fine.

The NAT is off.  Kill the rule you created, and leave Advanced Outbound NAT enabled.  Details here.
http://doc.m0n0.ch/handbook-single/#id11630453

Kill all the static routes.  m0n0wall does not need them.  It knows both 192.168.x.x networks, and has a default gateway.  It is the ISP router that needs the static routes.  As a test, you can set the default route of PC1 to the m0n0wall router, but nothing else will find it...

Hi Lee!

Thanks for the confirmation regarding the rules.

'Kill the rule you created': are you speaking of the mapping I created below of 'WAN 192.168.0.0/24'?

If I delete this mapping, then nothing on the 192.168.0.0 network can connect to the Internet.

Could you please correct me if I have misunderstood.

Thanks


« Last Edit: November 17, 2013, 08:51:04 by mongo »
« Reply #16 on: November 17, 2013, 09:21:59 »
mongo *
Posts: 15

Some clarification required.

From here

http://doc.m0n0.ch/handbook-single/#id11630453

Quote
Therefore, if you are using public IP addresses on any of the interfaces BEHIND your m0n0wall you need to change m0n0wall's default NAT behavior by enabling advanced outbound NAT

The word 'behind' in this context. Is this not referring to interfaces set up IN the m0n0wall rather than to interfaces EXTERNAL to the m0n0wall (Answer please, yes or no)?

If my understanding is correct, and as I am NOT using any PUBLIC IP on any interfaces behind the m0n0wall, why do we have to enable the advanced outbound NAT feature?

To answer my own question, you are telling me to enable 'advanced outbound NAT' as this turns off NAT, correct (Answer please, yes or no)?

Now... If the above is correct, i.e. behind the m0n0wall refers to interfaces in the m0n0wall AND enable 'advanced outbound NAT' turns off NAT, are we not 'bending the rules' by using 'advanced outbound NAT' since WE ARE NOT using PUBLIC IPs on any interface behind the m0n0wall?

It looks to me that anything forwarded to 192.168.1.254 from 192.168.1.1 is getting blocked.

I can see in the firewall log entries related to 192.168.1.254 that are shown as being blocked.

I will post a picture of the log when I am back in the office.

Hope someone can answer the questions posed in this post.

Thanks

« Reply #17 on: November 17, 2013, 14:59:19 »
mongo *
Posts: 15

Some progress !!

Well of course, as per usual, something that I should have realised but didn't.

The PC (192.168.1.5) that I was using to try to access the 192.168.0.0 network is a Windows Server 2003 OS, and of course I forgot that by default the inbuilt firewall is locked down.

I tried testing from a Windows XP PC, which of course has default firewall rules that allow access to ping etc., and I am now able to ping both 192.168.0.1 and 192.168.1.254.
Now I am just trying to work out how I can get requests directed to resources to reach the intended destination.

I.e.

If I try to access a network share I am not reaching it.

For example

Open an Explorer window on PC1 (192.168.1.3) and type \\192.168.0.254. I expect to get a login prompt for this PC, but just get a timeout message.

Is this correct ?

-- EDIT --

OK worked it out, just added to

NAT --> Inbound --> A rule for all ports on the WAN with NAT IP of the resource I want to access (i.e. 192.168.0.254).

-- EDIT 2 --

Actually, am I going about this the wrong way ?

As if I wish to add another PC to the inbound NAT rules I am going to have issues with the ports I can assign as they cannot overlap.

So what is the 'correct' way of doing this ?
« Last Edit: November 17, 2013, 15:53:36 by mongo »
« Reply #18 on: November 18, 2013, 01:30:53 »
Lee Sharp *****
Posts: 517

OK,
By default basic outbound NAT is enabled, and no inbound NAT is enabled.  By "enabling" advanced outbound NAT, you are saying "Do not use the default rules, use these instead" and if you define no rules, then there is no outbound NAT.  And if you define no inbound NAT, there is no NAT there either.

Now, if you can ping, routing is working.  Other services will be either firewall or name resolution.  You may have to play with WINS, among other things.  Also, Windows does not like it when the Active Directory server is not DNS.

So, remove all NAT rules, and get ping and traceroute working.  Then start on the other stuff.
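
The outbound NAT modes described in the reply above, and the static route on the ISP router mentioned in the earlier quoted advice, as an added example that is not part of the original thread and is not m0n0wall code. It is a simplified model: the topology (ISP router 192.168.1.1, m0n0wall WAN 192.168.1.254, LAN 192.168.0.0/24) is an assumption inferred from the addresses posted, and all function names and the routing tables are hypothetical.

```python
import ipaddress

# Assumed topology, inferred from the addresses in the thread (constructed):
# ISP router 192.168.1.1, m0n0wall WAN 192.168.1.254, LAN 192.168.0.0/24.
WAN_IP = "192.168.1.254"
LAN_NET = "192.168.0.0/24"

def outbound_source(src, advanced_enabled, rules):
    """Source address of a LAN packet after it leaves the WAN interface.

    Simplified model of the reply above: default mode translates the LAN
    subnet to the WAN address; advanced mode applies only the listed rules.
    """
    addr = ipaddress.ip_address(src)
    nets = rules if advanced_enabled else [LAN_NET]
    if any(addr in ipaddress.ip_network(n) for n in nets):
        return WAN_IP
    return src  # no rule matched: the packet leaves untranslated

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Hypothetical routing table of the ISP router, before and after adding
# the static route for the network behind m0n0wall.
ISP_ROUTES = [("0.0.0.0/0", "internet"), ("192.168.1.0/24", "on-link")]
ISP_ROUTES_STATIC = ISP_ROUTES + [(LAN_NET, WAN_IP)]

def reply_returns(src, advanced_enabled, rules, isp_routes):
    """True if the ISP router sends a reply back towards m0n0wall."""
    seen = outbound_source(src, advanced_enabled, rules)
    return next_hop(isp_routes, seen) in ("on-link", WAN_IP)

if __name__ == "__main__":
    host = "192.168.0.254"
    for label, adv, rules, routes in [
        ("default outbound NAT", False, [], ISP_ROUTES),
        ("advanced, one rule for the LAN", True, [LAN_NET], ISP_ROUTES),
        ("advanced, no rules, no static route", True, [], ISP_ROUTES),
        ("advanced, no rules, static route", True, [], ISP_ROUTES_STATIC),
    ]:
        print(f"{label}: leaves as {outbound_source(host, adv, rules)}, "
              f"reply returns: {reply_returns(host, adv, rules, routes)}")
```

Under these assumptions, only the case with no NAT and no static route on the ISP router loses the reply, because the ISP router follows its default route for 192.168.0.0/24.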