General Questions

Hello All,

I have been trying to configure a server NAT setup following: http://doc.m0n0.ch/handbook/faq-ipalias.html

I have a /27 IP space setup on a switch port by my provider. The first IP is the gateway (x.x.x.33/27). The second ip (x.x.x.34/27) is the m0n0wall WAN port.

What I have configured is a server NAT IP of x.x.x.35/27 and a proxy ARP entry for this IP. I then configured 2 firewall entries to allow ICMP echo and ICMP echo reply to my WAN IP addresses.

I can ping x.x.x.34. But I cannot ping x.x.x.35. Also when I check the ARP table of my switch which is uplinked to my provider, the only ARP entry I see is for x.x.x.34 and x.x.x.36 (a test server on the public switch VLAN).

Am I missing something? Any other testing I should try? Checked archives. But couldn't find any Server NAT issues.

EDIT: Forgot to mention this is on a WRAP board with 3 ethernet, 256MB CF, and 128MB RAM.

You won't be able to ping those IP's, they aren't assigned to anything that'll answer ICMP, unless you use them for 1:1 NAT and allow ICMP. If you use Server NAT to open ports, that'll work.

OK, That makes sense. So should a better test be to put an actual machine behind the firewall and then setup 1:1 NAT?

I did this and it also does not work. I put a machine which responds to ICMP and HTTP on the OPT1 interface/subnet. I then created a 1:1 NAT entry for the new external IP/32 to the OPT1 internal IP/32. Ping and HTTP to the external IP do not get to the OPT1 machine.

I also added a firewall entry for the WAN to allow ICMP and HTTP to the OPT1 subnet. I assume that a firewall entry is needed on the WAN to get to the OPT1 interface. I also tried a WAN entry from any to any.

What else can I test?

You're probably trying from inside the firewall, which isn't going to work (see FAQ). It probably works from outside the firewall.