[ previous ] [ next ] [ threads ]
 
 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Greg Sims'" <greg underscore sims at earthlink dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Network Access from Dial-Up: Plan B
 Date:  Sat, 25 Oct 2003 10:55:52 +0200
-----Original Message-----
From: Greg Sims [mailto:greg underscore sims at earthlink dot net]
Sent: donderdag 23 oktober 2003 18:40
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Network Access from Dial-Up: Plan B


Thank-you to those who helped me get a modem to PPTP connection established
into m0n0wall.  I was able to establish the connection but the performance
is such that the interface is not usable.  I need to move on to "Plan B".

My Plan B is to open a port on the firewall that passes traffic to a
specific host on the LAN interface of m0n0wall.  I thought I would start
with a Big hole in the firewall just to get started and limit the size of
the firewall hole as I gain experience.

I added the following rule to the firewall:

Interface=WAN, Protocol=any, Source=any, Source Port=n/a,
	Destination=Single Host/192.168.0.3, Destination Port=n/a,
Fragment=null

My understanding is this should redirect any traffic that originates on the
WAN to host 192.168.0.3.

>> This is wrong. This only opens a hole (a big one :), but it does not
>> redirect the traffic (and since private ranges are not routed over the
>> internet, you will not be able to use the internal address as a
destination
>> for ex. a ping). In firewall > NAT > Inbound, you'll have to add a NAT
rule
>> that redirects a PORT or PORT RANGE to your internal server.
>> To do this, you would have to know which services you want to make
>> available to the internet, and look up their port numbers.
>> Joachim

The WAN interface to m0n0wall is a static ip address, let's call it
123.456.789.1.

I first tested host 192.168.0.3 from the LAN side of the network with a ping
which worked.  I then shut down my LAN connection and used a modem to
connect to the internet. I issued the following command: "ping
123.456.789.1".  I believe this ping should be redirected to the 192.168.0.3
host on the LAN side of m0n0wall.  This host (192.168.0.3) should be able to
respond to the ping as there is also a firewall rule that allows the LAN to
go anywhere:

Interface=LAN, Protocol=any, Source=any, Source Port=n/a,
	Destination=any, Destination Port=n/a, Fragment=null

Unfortunately I receive a Ping timeout when I ping the WAN IP address from
the Internet via modem.

Any ideas you have getting this sorted out would be appreciated!

Greg



---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


-----------------------------------------------
MISSION STATEMENT 
-----------------------------------------------

effectively by offering innovative print and document management products
and services for professional environments.

-----------------------------------------------
DISCLAIMER 
-----------------------------------------------
This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is nor responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be

-----------------------------------------------