Firewall/NAT

Hey there,

I have done some searching and have yet to find a solid solution to my problems...

I am new to m0n0wall and so far have been very impressed...

My problem is that for some reason, I have yet to be able to forward any ports from an external location to a specific server on my internal network.

Basically... I have tried forwarding HTTP, FTP and SSH ports to my webserver on my internal network.

WAN Address is dynamic - using dyndns updating
Gateway (m0n0) - 192.168.1.1
Webserver - 192.168.1.50 - Ubuntu Server with Static IP set (to 192.168.1.50) - also tried it on DHCP

Originally I had attempted to create the rule (just http) and it would not work. So I deleted it and re-created it. Still nothing.
While looking around, I attempted to create a rule in the inbound NAT rules. It created successfully as well as automatically created a firewall rule for the port forwarding...
.....Still nothing

Here is what I have so far for rules (http only):
NAT Inbound:    
WAN    TCP    80 (HTTP)    192.168.1.50    80 (HTTP)

And that automatically created the following WAN Rule:
TCP/UDP      *      80 (HTTP)      192.168.1.50      80 (HTTP)

No matter what, I cannot access the server aside from manually typing in the INTERNAL address...
The DynDNS address nor the WAN IP does not bring it up (internally or externally)...

Any ideas? Have I missed some sort of option that needs to be enabled to allow rules to become in effect?

If it matters, theres one other firewall rule but that came with the firewall:
*     RFC 1918 networks     *     *     *

This may seem a silly question, but how are you trying to test it?  You won't be able to access via the dyndns address from the LAN.  Your rules seem quite correct.

Well, I have tried it from inside the LAN and then I read the comment in the WebGUI regarding the inability to access the dyndns address internally.

I have tried to from an external location after reading it and it still does not work. I'm not sure what to say...

As for accessing the address internally, how come we cannot access the WAN address internally? The firewall blocks incoming connections that are the same as their WAN address?

You need inbound NAT and appropriate firewall rules. If it's not getting through, check your firewall logs for drops. If nothing shows there, enable logging on your WAN firewall rules and try it from the Internet again to see if it shows it getting passed.

re: your other question.
http://doc.m0n0.ch/handbook/faq-lannat.html

I can't do it either.    I'm using the webGUI configuration.

Can anyone just make a walkthrough?  like:

1) click on 'Rules' under firewall
2) do this *

I can access my ftp locally from any machine so I know the ftp is working.  I just have no idea how to properly forward a port to the ftp server 

Sorry to be such a n00b, but I don't understand half of the options or settings.

Nevermind! 

I was adding the rule to 'rules' only and not the NAT (which adds the rule to 'Rules' for you automatically)

Thanks anyway

Hi,

 I have the same issue, I have tested m0n0wall in vmware enviroment and the port forward is not working.
I create this NAT Inbound rule:

If     Proto     Ext. port range     NAT IP                 Int. port range       Description     
WAN    TCP    3389         192.168.10.2       3389                      rdp test

I have checked auto add rule:

Proto     Source     Port     Destination     Port     Description     
        
TCP    *    *    192.168.10.2    3389    NAT rdp test

WAN ip: 192.168.253.244  (Certainly I unset Block Private Networks)
LAN ip:  192.168.10.1

I am using the most recent version of m0n0wall (1.31).

Can anybody help me please?

Thank you in advance

I had trouble port forwarding and I was frustrated for quite a while on the topic of how m0nowall dealt with port forwarding.  In my case, it was setup properly and working fine.  Later on I needed to change the LAN address of the device I was trying to get to through the port forwarding setup on the router.  This is where the fun began, the process should have been easy enough, I simply updated the IP address in the Alias listings and the rules that referenced the device would be updated.  However, that didn't happen.  What I ended up doing was removing all of the NAT references and the Rules for IPv4 and started fresh.  As soon as I entered the information fresh, things worked perfectly.  I wanted to detail this in the hopes that others might have a easier time in this similar situation.