 From:  John <strgout at unixjunkie dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall frontend
 Date:  Fri, 7 Jan 2005 14:54:34 -0600
On Fri, Jan 07, 2005 at 02:42:45PM -0500, Danny Puckett wrote:
> I have a test network set up as follows.  I want to use m0n0wall as my
> front-end firewall performing NAT while using an ISA2004 as a backend
> firewall.  If I use the ISA server as a NAT (double NATing..bleh) everything
> works ok.  But when I change the ISA box to routing, then add a static route
> to the LAN interface of m0n0wall back to the 192.168.100.0/24 subnet, the
> Windows 2003 server can no longer perform DNS lookups.  I have tried most
> everything I can think of but the firewall log in m0n0wall shows that it is
> blocking DNS.  What is odd is that in the logs the DNS request looks like it
> goes out ok but the results are being blocked with my ISP's address listed on
> the LAN interface and not the WAN.  Can anyone tell me what I am doing
> wrong? Thanks.  dtp
>
>            1.2.3.4
>          -----------
>         |           |
>         | m0n0wall  |
>         |           |
>          -----------
>          192.168.2.1
>               |
>               |
>               |
>          192.168.2.2
>          -----------
>         |           |
>         |  ISA2004  |
>         |           |
>          -----------
>        192.168.100.254
>               |
>               |
>               |
>         192.168.100.1
>          -----------
>         |           |
>         |  W2K3DNS  |
>         |           |
>          -----------

You should paste the block line. Is it blocked in or out? 
What is the src and which is the dst? 

Offhand it sounds like there is something wrong with the static route on the
m0n0wall pointing back to 192.168.100.x. Maybe you put the gateway as the
m0n0wall's IP when it should be the ISA2004 server.