NAT 1:1 only for outbound, standard port forward for inbound help



  • Hi, I've been reading the m0n0wall manual pages, the search feature and the wikis, and for the life of me I either can't understand or don't know how to accomplish the following. It seems simple enough, but I've tried a bunch of ideas and none seem to work.

    I have a couple of servers inside the LAN that have mapped virtual IPs on the WAN.

    What I'm trying to do is the following:

    I know setting these up as 1:1 NATs would basically do what I want to do. However, setting them up as 1:1 would ALSO basically DMZ the servers, and that's exactly what I'm trying to avoid. I DO want ANY traffic generated from that specific machine to match a certain specific public IP when the traffic is going out (say I log on to www.whatsmyip.com and that specific server's virtual IP shows up), but when people try to connect back to this IP I don't want any connections except the ones set up in the port forwarding to go through.

    How would I go about accomplishing this? Any help would be appreciated :/

    As a little help, this should explain what I'm trying to do:

    When Server A (192.168.4.250) tries to connect somewhere, its "public" IP shows up as 200.200.200.250.
    However, when someone tries to connect to 200.200.200.250, the port forward should route packets on ONLY port 80 to Server B (192.168.4.240). Technically, if I were to 1:1 NAT, when someone connected back to 200.200.200.250 it would get sent to 192.168.4.250 and not to 192.168.4.240, and that's the problem :/

    I hope this explains it a bit better.



  • When Server A (192.168.4.250) tries to connect somewhere, its "public" IP shows up as 200.200.200.250.
    However, when someone tries to connect to 200.200.200.250, the port forward should route packets on ONLY port 80 to Server B (192.168.4.240). Technically, if I were to 1:1 NAT, when someone connected back to 200.200.200.250 it would get sent to 192.168.4.250 and not to 192.168.4.240, and that's the problem :/

    If I understand you correctly, you want the VIP 200.200.200.250 to point to LAN IP 192.168.4.240, and the only thing you haven't done so far is setting up NAT -> Outbound -> Manual Outbound NAT:

    Interface  Source            Src port  Destination  Dst port  NAT address      NAT port  Static port
    WAN        192.168.4.240/32  *         *            *         200.200.200.250  *         NO
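To make the difference between the two approaches concrete, here is an added example (not code from the thread or from m0n0wall) that evaluates rows shaped like the manual outbound NAT table above, plus an inbound port forward, against the addresses from the question; it also shows what a 1:1 mapping would do with the same packets. The rule rows, the WAN address 200.200.200.1 and the sample packets are constructed for illustration.

```python
# Added example: a small first-match evaluator for m0n0wall-style manual
# outbound NAT rows and inbound port forwards. Addresses are the ones from
# the question; the rule rows and the WAN address are constructed.
import ipaddress

VIP = "200.200.200.250"
SERVER_A = "192.168.4.250"   # should go out as the VIP
SERVER_B = "192.168.4.240"   # should receive only port 80 sent to the VIP
WAN_ADDR = "200.200.200.1"   # constructed WAN interface address


def _match(field, value):
    """'*' matches anything; CIDR fields match by network, others by equality."""
    if field == "*":
        return True
    if "/" in str(field):
        return ipaddress.ip_address(value) in ipaddress.ip_network(field, strict=False)
    return str(field) == str(value)


# Manual outbound NAT rows in table order (first match wins), columns:
# (interface, source, src_port, destination, dst_port, nat_address, nat_port, static_port)
OUTBOUND_NAT = [
    ("WAN", f"{SERVER_A}/32", "*", "*", "*", VIP, "*", False),        # Server A leaves as the VIP
    ("WAN", "192.168.4.0/24", "*", "*", "*", WAN_ADDR, "*", False),   # everyone else uses the WAN address
]

# Inbound port forwards: (interface, proto, external_address, external_port, internal_address, internal_port)
PORT_FORWARDS = [
    ("WAN", "tcp", VIP, 80, SERVER_B, 80),
]

# What a 1:1 mapping of the VIP would look like instead (the option the question rejects).
ONE_TO_ONE = {VIP: SERVER_A}


def translate_outbound(iface, src, sport, dst, dport):
    """Public source address a LAN host is seen with, or None if no row matches."""
    for rule_iface, rsrc, rsport, rdst, rdport, nat_addr, _nat_port, _static in OUTBOUND_NAT:
        if rule_iface == iface and all(_match(f, v) for f, v in
                                       ((rsrc, src), (rsport, sport), (rdst, dst), (rdport, dport))):
            return nat_addr
    return None


def translate_inbound(iface, proto, dst, dport):
    """(internal_address, internal_port) for a forwarded packet; None if not forwarded (blocked by default)."""
    for rule_iface, rproto, ext_addr, ext_port, int_addr, int_port in PORT_FORWARDS:
        if rule_iface == iface and rproto == proto and ext_addr == dst and ext_port == dport:
            return (int_addr, int_port)
    return None


def one_to_one_inbound(dst, dport):
    """Under 1:1 NAT every port on the VIP lands on the single mapped host."""
    return (ONE_TO_ONE[dst], dport) if dst in ONE_TO_ONE else None
```

With a 1:1 mapping, port 80 on the VIP lands on Server A rather than Server B, which is exactly the mismatch the question describes; with the outbound row plus a single port forward, Server A still leaves as the VIP while only the forwarded port reaches the LAN.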

