Monday 3 May 2010

No-NAT Firewalling with Monowall

Just a heads up for anyone tearing their hair out over this one.

PROBLEM: After setting up Monowall with NAT disabled, hosts behind it can surf the web, but the websites hosted in your DMZ are unreachable from the internet.

SOLUTION: For a no-NAT setup, go to "Firewall: NAT: Outbound" and tick the box "Enable advanced outbound NAT". Ticking this box disables NAT (yes, really!) as long as you don't enter any NAT mappings: it replaces the automatic outbound NAT rule with your own list of mappings, and an empty list means no translation at all, so the firewall simply routes.
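As an added illustration, not taken from the post or from the rules Monowall itself generates, here is what the two settings amount to in terms of pf, the packet filter underneath Monowall. Interface names and addresses are constructed.

```pf
wan_if  = "vr0"
dmz_if  = "vr2"
dmz_net = "203.0.113.0/28"   # constructed: public addresses routed to the DMZ
dmz_web = "203.0.113.5"      # constructed: the DMZ web server

# Automatic outbound NAT (the default): DMZ hosts leave as the WAN address,
# so the internet never sees their real addresses. This is the rule that
# "Enable advanced outbound NAT" with an empty mapping list removes.
#
# nat on $wan_if from $dmz_net to any -> ($wan_if)

# No-NAT: no nat rule at all, the firewall only routes. The DMZ hosts are
# still protected, because nothing reaches them unless a WAN rule allows it.
block in on $wan_if all
pass in on $wan_if proto tcp from any to $dmz_web port { 80 443 } flags S/SA keep state

# The DMZ may still open connections outwards with its own addresses.
pass out on $wan_if from $dmz_net to any keep state
```

The pass-in rule on WAN is what the post's "inaccessible from the internet" symptom hinges on once NAT is off: with routing instead of translation, the firewall rule, not a port forward, is what exposes the web server.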

OK, with that problem sorted, the next step is to try out IPv6. Recent versions of Monowall support IPv6 out of the box, and my ISP supports IPv6 over ADSL, so it's got to be worth a go.

3 comments:

  1. UPDATE: I now have native IPv6 working over UK ADSL (BT 20CN) using Monowall 1.32. The ISP is Andrews & Arnold - www.aaisp.net - who offer an amazing level of service, including support over IRC on Sundays.

  2. I have a question for you. I want to implement monowall at my campus. One of the engineers there has a unix box that he uses for tunnels for other campuses, and what he uses to NAT into the IT lab. I am considering putting monowall between him and the lab, but was stressing because of NAT and using the WAN interface to connect to his box. With what you suggest, I could essentially check that box and monowall would essentially be using the WAN interface as if it were another OPT interface? Or would I run into issues talking to private networks through the WAN?
    Would it be easier to just use multiple OPT interfaces and forget about the WAN (sacrificing a NIC)? What do you think?

  3. xtropx: Yes that's fine - you can just turn off NAT and it should just work. Monowall is capable of full routing functions as well as firewalling. It can also do IPSEC VPN tunnels if that's what you need.

