A Router Configuration Itch

In New Zealand, because of our older telecommunications infrastructure, many people use ADSL for their broadband internet connections. ADSL runs over the older copper-based telephone lines, which means slower speeds and, in my case, problematic internet configurations. Specifically, I was trying to set up a web server that could be accessed over the internet.

Our network configuration at work is as follows. We have an ADSL router with two network interfaces: a WAN interface (which we'll call r-eth0) and a LAN interface (which we'll call r-eth1). We also have a m0n0wall firewall with two interfaces, which we'll call fw-eth0 and fw-eth1. r-eth0 has a public internet address assigned by the ISP; r-eth1 and fw-eth0 are on the same subnet; and fw-eth1 is connected to our internal company network, which is a separate subnet. The web server is on the same subnet as fw-eth1 (our internal company network). NAT is enabled on the ADSL router, and the router port-forwards web traffic (TCP port 80) through to the IP address of the web server.

The problem was that when people tried to open a website on the web server, it would just sit there and eventually time out. The m0n0wall firewall logs showed that the web traffic was successfully reaching the web server, but that traffic from the web server back out to the internet was being blocked. That was when I worked out that the cause of the problem was the firewall.

A big thanks to Kent Brown Lee of Connect Logic here, as he spent a lot of time helping me resolve this problem. He eventually determined that because the m0n0wall firewall has built-in NAT, the outbound connections from the web server were being 'double-NATed'. To stop this occurring we turned on 'Advanced Outbound NAT' on the m0n0wall firewall, and now people can access the website over the internet.
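To make the double-NAT failure concrete, here is a small Python model of the two-box topology described above. It is an added illustration, not code from the post, m0n0wall, or the router vendor, and it is a deliberate simplification: each box is a stateful NAT that port-forwards (DNAT) on the way in and masquerades (SNAT) LAN traffic on the way out, the firewall simply routes the inbound request to the web server, and turning on Advanced Outbound NAT with no rules is modelled as the firewall no longer masquerading (`masquerade=False`). All addresses are constructed documentation/private ranges, and the names `Nat`, `Packet` and `simulate` are the example's own.

```python
from dataclasses import dataclass

# Constructed addresses for the example (not the post's real addresses).
CLIENT = "203.0.113.7"        # someone on the internet
ROUTER_WAN = "198.51.100.10"  # r-eth0, the ISP-assigned public address
FW_OUTSIDE = "192.168.1.2"    # fw-eth0, same subnet as r-eth1
WEB = "10.0.0.80"             # the web server behind fw-eth1


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    """Minimal stateful NAT box: DNAT port-forwards inbound, masquerades outbound."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = {}   # (public_ip, port) -> (inside_ip, inside_port)
        self.state = {}      # (inside_ip, inside_port, remote_ip, remote_port) -> (public_ip, port)
        self.next_port = 40000

    def add_port_forward(self, port, inside_ip, inside_port):
        self.forwards[(self.public_ip, port)] = (inside_ip, inside_port)

    def inbound(self, pkt):
        """WAN -> LAN: rewrite the destination for a forwarded port and remember the flow."""
        target = self.forwards.get((pkt.dst, pkt.dport))
        if target is None:
            return None  # nothing forwarded on that port: dropped
        inside_ip, inside_port = target
        # The reply is expected to come back from inside_ip:inside_port to the client.
        self.state[(inside_ip, inside_port, pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return Packet(pkt.src, pkt.sport, inside_ip, inside_port)

    def outbound(self, pkt, masquerade=True):
        """LAN -> WAN: undo the DNAT for a known reply, else treat it as a new flow and SNAT it."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.state:
            pub_ip, pub_port = self.state[key]
            return Packet(pub_ip, pub_port, pkt.dst, pkt.dport)
        if not masquerade:
            return pkt  # Advanced Outbound NAT with no rules: pass through untouched (assumption)
        port = self.next_port
        self.next_port += 1
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)


def simulate(firewall_masquerades):
    """Send one request through router -> firewall -> web server and follow the reply back.

    Returns (reply_is_usable, reply_as_seen_by_client). The reply is usable only if
    it appears to come from ROUTER_WAN:80, the address and port the client connected to.
    """
    router = Nat(ROUTER_WAN)
    router.add_port_forward(80, WEB, 80)   # the ADSL router's port-forward
    firewall = Nat(FW_OUTSIDE)             # m0n0wall: no forwards, just routes inward

    request = Packet(CLIENT, 51234, ROUTER_WAN, 80)
    to_firewall = router.inbound(request)         # DNAT: now addressed to WEB:80
    to_web = to_firewall                          # firewall routes it unchanged (assumption)

    reply = Packet(to_web.dst, to_web.dport, to_web.src, to_web.sport)  # WEB:80 -> CLIENT:51234
    at_router = firewall.outbound(reply, masquerade=firewall_masquerades)
    at_client = router.outbound(at_router)
    expected = Packet(ROUTER_WAN, 80, CLIENT, 51234)
    return at_client == expected, at_client


if __name__ == "__main__":
    for masq in (True, False):
        ok, seen = simulate(masq)
        print(f"firewall masquerades={masq}: reply ok={ok}, client sees {seen}")
```

With the firewall masquerading, the reply leaves fw-eth0 as FW_OUTSIDE:40000 rather than WEB:80, so the router has no matching port-forward state, treats it as a brand-new outbound flow and masquerades it again; the client gets a packet from port 40000 for a connection it opened to port 80 and discards it, which shows up as the hang and timeout. With the firewall passing the reply through untouched, the router recognises the flow and restores the public address and port.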