Can't have NAT for a port range to multiple internal IPs?

imzjustplayin

I was busy configuring my m0n0wall installation, which BTW is running a lot better now since I've gotten more used to the system, but I still have a few questions. I noticed that while the firewall rules allow for WAN port forwarding to a whole LAN subnet (which I've been doing for the most part), this isn't the case for Network Address Translation. Some crappy consumer routers I've worked with supported port triggering, which means that whatever system requests that port within the network gets it. Well, I was wondering then, why can't I have this function with m0n0wall? Why is it not possible to have NAT translate a port range into multiple internal IP addresses?


I ask this question because let's say I'm using port 16567 (used in BF2) and I have NAT translate for that port into 192.168.0.184 (the internal IP for the computer using BF2). Now let's say a friend also wants to play BF2 and he's connecting to the same server. What I'd do is add in a NAT entry for his IP as well so that the port is forwarded to his system as well. Thing is, m0n0wall won't let me do this. Is this an issue with m0n0wall or is this just not possible? Are two machines within a network not able to share the same port? How come I don't have to turn on NAT for port 80 but I do for these ports?
 
Why not just open the port in the firewall rules and not forward it anywhere?
 
Hmm, well then what would be the point of NAT unless I had to enable it? I was under the impression that in order for the rule to work, you need to forward the ports via NAT. IIRC I tried just opening the ports via the rules and not using NAT, but I believe it didn't work.
 
Well, first off, AFAIK BF2 doesn't require a port opened to play on anything unless you're running your own server (which then is only the server IP anyway), so the need to open multiple ports isn't there.

And as a general issue, no, most firewalls don't allow opening the same port to multiple IPs.
 
Well, I believe you should forward your ports, because I was getting a ping of 175 with nothing else on the network, and when I forwarded the ports the server was currently using, my ping dropped down to 20. So I believe it's necessary. I even tried it myself, disabling the rule and enabling it: every time I disabled it, it shot back up to 175+, and when I re-enabled it, it went back down to 20-30.
 
Is SPI a default characteristic of m0n0wall? You still need NAT to be going on, no? If it's not a default characteristic, how do I enable it? I've tested it again, and whenever I don't have NAT enabled, uTorrent says that the port isn't open every time I do a test. As soon as I enable NAT for that port to a specific IP, it works.
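
The constraint discussed in this thread, as an added example that is not part of any post and is not m0n0wall's code: a simplified model of a stateful NAT in which an inbound forward is keyed only by protocol and WAN port, while replies to outbound connections are matched against per-connection state. The class and function names, the second LAN host 192.168.0.185, the remote addresses and the port pool start are all constructed for illustration.

```python
# Simplified NAT model (added illustration; not m0n0wall code).
class PortForwardConflict(Exception):
    pass

class Nat:
    def __init__(self):
        self.forwards = {}      # (proto, wan_port) -> (lan_ip, lan_port)
        self.states = {}        # (proto, wan_port, remote) -> (lan_ip, lan_port)
        self.next_port = 50000  # constructed start of the translation port pool

    def add_forward(self, proto, wan_port, lan_ip):
        # An unsolicited inbound packet carries only the WAN port, so the
        # lookup key can name exactly one internal host.
        key = (proto, wan_port)
        if key in self.forwards:
            raise PortForwardConflict(f"{proto}/{wan_port} -> {self.forwards[key][0]}")
        self.forwards[key] = (lan_ip, wan_port)

    def outbound(self, proto, lan_ip, lan_port, remote):
        # Keep the source port when it is free toward this remote, otherwise
        # rewrite it, so two LAN hosts can both use 16567 to the same server.
        wan_port = lan_port
        while (proto, wan_port, remote) in self.states:
            wan_port, self.next_port = self.next_port, self.next_port + 1
        self.states[(proto, wan_port, remote)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, wan_port, remote):
        # Replies match a state entry first; anything else needs a forward.
        state = self.states.get((proto, wan_port, remote))
        return state or self.forwards.get((proto, wan_port))

def demo():
    nat = Nat()
    server = ("198.51.100.10", 16567)      # constructed game server
    stranger = ("192.0.2.77", 4000)        # constructed unsolicited sender
    nat.add_forward("udp", 16567, "192.168.0.184")
    try:
        nat.add_forward("udp", 16567, "192.168.0.185")  # constructed second host
        conflict = False
    except PortForwardConflict:
        conflict = True
    p1 = nat.outbound("udp", "192.168.0.184", 16567, server)
    p2 = nat.outbound("udp", "192.168.0.185", 16567, server)
    return {"conflict": conflict, "ports": (p1, p2),
            "reply_1": nat.inbound("udp", p1, server),
            "reply_2": nat.inbound("udp", p2, server),
            "unsolicited_fwd": nat.inbound("udp", 16567, stranger),
            "unsolicited_other": nat.inbound("udp", p2, stranger)}
```

In this model both clients reach the same server without any forward, and the only traffic that depends on the forward is traffic nobody on the LAN initiated, which is why each forward is also a standing exposure of one internal host.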
 