 From:  "John ." <jvoigt at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Accessing public IP behind firewall.
 Date:  Fri, 3 Dec 2004 16:59:23 -0500
Perhaps in the "DNS Forwarder" section under "Services" you should add
10.0.0.9 mail.example.com?



On Fri, 3 Dec 2004 11:40:08 -0800, Morgan O'Neal <ghostbyte at gmail dot com> wrote:
> My company recently moved our mail server behind our m0n0wall firewall
> but we are having problems connecting to the public ip from behind the
> firewall.
> 
> Problem:
> Can't send mail to public IP from behind the firewall. Clients must
> stay behind the firewall. Using the hosts file on each server to point
> to the mail server for each client is not an option. Example:
> "10.0.0.9       mail.example.com"
> 
> Client setup:
> Client Public IP        xxx.xxx.xxx.100
> Client Private IP       10.0.0.100
> Client domain           example.com
> Client server           Server1 (10.0.0.10)
> Mail server domain      mail.example.com
> Mail server public ip   xxx.xxx.xxx.9
> Mail server private ip  10.0.0.9
> 
> m0n0wall NAT:
> xxx.xxx.xxx.9/32 -> 10.0.0.9
> xxx.xxx.xxx.10/32 -> 10.0.0.10
> ...
> 
> Example of telnet mail session:
> Server1# host example.com
> example.com.com has address xxx.xxx.xxx.100
> example.com mail is handled (pri=10) by mail.example.com
> Server1# telnet mail.example.com 25
> Trying xxx.xxx.xxx.9...
> telnet: connect to address xxx.xxx.xxx.9: No route to host
> telnet: Unable to connect to remote host
> 
> Other information:
> Server1# ping xxx.xxx.xxx.9
> PING xxx.xxx.xxx.9 (xxx.xxx.xxx.9): 56 data bytes
> 36 bytes from 10.0.0.1: Destination Host Unreachable
> Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
>  4  5  00 5400 6444   0 0000  40  01 5ee1 10.0.0.10  xxx.xxx.xxx.9
> 
> Server1# ping 10.0.0.9
> PING 10.0.0.9 (10.0.0.9): 56 data bytes
> 64 bytes from 10.0.0.9: icmp_seq=0 ttl=64 time=0.248 ms
> 64 bytes from 10.0.0.9: icmp_seq=1 ttl=64 time=0.131 ms
> 64 bytes from 10.0.0.9: icmp_seq=2 ttl=64 time=0.138 ms
> 
> Example Network:
>                    +-----------+
>                    | m0n0 wall |
>                    | 10.0.0.1  |
>                    +-----------+
>                          |
>                          |
>                     +---------+
>                     | Switch  |
>                     +---------+
>                   _/     |    \_
>                 _/       |      \_
>                /         |        \
> +-------------+  +--------------+  +--------------+
> | Mail server |  | Web server 1 |  | Web server 2 |
> |  10.0.0.9   |  |  10.0.0.10   |  |  10.0.0.11   |
> +-------------+  +--------------+  +--------------+
> Lots more web servers, but I'm not the fastest at ASCII art.