6.3. Outbound NAT

By default, m0n0wall automatically adds NAT rules to all interfaces to NAT your internal hosts to your WAN IP address for outbound traffic. The only exception is for any hosts for which you have configured 1:1 NAT entries. Therefore, if you are using public IP addresses on any of the interfaces behind your m0n0wall (with the exception of bridged interfaces) you need to change m0n0wall's default NAT behavior by enabling advanced outbound NAT.

If you are using public IP addresses on all the interfaces behind your m0n0wall, check the "Enable advanced outbound NAT" box and click Save. Now nothing will be NAT'ed by m0n0wall.

If you have a public IP subnet off one of your interfaces behind m0n0wall and a private IP subnet behind another interface, you will need to enter your own NAT mappings on this screen. For example, if you have a LAN subnet of 192.168.1.0/24 and a DMZ subnet with public IP addresses, you will need to enable advanced outbound NAT, and click the plus at the bottom of this tab to add a NAT mapping for your LAN network. For this scenario, you will want to add a rule for interface WAN, source 192.168.1.0/24, destination any, target box blank, and enter a description of your choosing.

Note

If advanced outbound NAT is enabled in firmware 1.3 or higher, no outbound NAT rules will be automatically generated anymore. Instead, only the mappings you specify below will be used. With advanced outbound NAT disabled, a mapping is automatically created for each interface's subnet (except WAN) and any mappings specified below will be ignored. If you use target addresses other than the WAN interface's IP address, then depending on the way your WAN connection is setup, you may also need proxy ARP.