 From:  JSimoneau at lmtcs dot com
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Rule set to allow, traffic blocked
 Date:  Tue, 9 Nov 2004 13:59:50 -0500

In summary:

Rule says allow all traffic from IP to anywhere on the LAN. Firewall log
shows packets from the IP being blocked.

Long Story:

One of my customers is attempting to connect to their online Fax service
called Ring Central. Ring Central says we must open up a couple of ports
on our firewall to allow traffic in, and that's it. The client side (my
customer) initiates this connection.

The rule on my WAN interface is set to allow any protocol, from this IP
address, from any port, going to the LAN network, on any port. This is the
first rule in my set, so it should be allowing all traffic from this IP
in. I also have it set to allow fragmented packets.

My customer is unable to connect to their fax service. When viewing the
firewall log, there is a long list of blocked packets from the specific IP
address I allowed, going to various IPs on the LAN subnet.

If I set up NAT, to direct the two ports specified by the Ring Central
folks to one machine on the network, everything works fine. Unfortunately,
all machines need this service, so I cannot NAT to just this one.

We have over fifteen m0n0walls running and I've come across lots of
challenging things, but this is one I cannot figure out! Previous to this
m0n0wall, the customer used a standard Linksys router, which Ring Central
ran fine with. So I can't imagine the solution to this is terribly
complex. The Linksys router is not usable right now.

Josh Simoneau