 
 From:  "Danny Puckett" <dpuckett at comresource dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall frontend
 Date:  Fri, 7 Jan 2005 16:09:22 -0500
> -----Original Message-----
> From: John [mailto:strgout at unixjunkie dot com]
> Sent: Friday, January 07, 2005 3:55 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] m0n0wall frontend
> 
> On Fri, Jan 07, 2005 at 02:42:45PM -0500, Danny Puckett wrote:
> > I have a test network setup as follows.  I want to use m0n0wall as my
> > front-end firewall performing NAT while using an ISA2004 as a backend
> > firewall.  If I use the ISA server as a NAT (double NATing..bleh)
> > everything works ok.  But when I change the ISA box to routing, then add
> > a static route to the LAN interface of m0n0wall back to the
> > 192.168.100.0/24 subnet, the Windows 2003 server can no longer perform
> > DNS lookups.  I have tried most everything I can think of but the
> > firewall log in m0n0wall shows that it is blocking DNS.  What is odd is
> > that in the logs the DNS request looks like it goes out ok but the
> > results are being blocked with my ISP's address listed on the LAN
> > interface and not the WAN.  Can anyone tell me what I am doing wrong?
> > Thanks.  dtp
> >
> >            1.2.3.4
> >          -----------
> >         |           |
> >         | m0n0wall  |
> >         |           |
> >          -----------
> >          192.168.2.1
> >               |
> >               |
> >               |
> >          192.168.2.2
> >          -----------
> >         |           |
> >         |  ISA2004  |
> >         |           |
> >          -----------
> >        192.168.100.254
> >               |
> >               |
> >               |
> >         192.168.100.1
> >          -----------
> >         |           |
> >         |  W2K3DNS  |
> >         |           |
> >          -----------
> >
> You should paste the block line. Is it blocked in or out?
> What is the src and which is the dst?
> 
> Off hand it sounds like there is something wrong with the static route on
> the m0n0wall pointing back to 192.168.100.x. Maybe you put the gateway as
> the m0n0wall's ip when it should be the ISA2004 server.
> 


"Maybe you put the gateway as the m0n0wall's ip when it should be the
ISA2004 server."

OMG, I checked just to make sure and there it was staring me in the face.

Thanks.  

*hides in shame*
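The mistake resolved in this thread (a static route whose gateway is the firewall's own LAN address instead of the next-hop router) can be caught with a sanity check before a route is saved. The Python sketch below is an added example, not part of the original messages or of m0n0wall; the function name `check_static_route` and the /24 mask on the 192.168.2.x LAN segment are assumptions, since the thread does not state the mask.

```python
import ipaddress


def check_static_route(iface_cidr, dest_cidr, gateway):
    """Return a list of problems for a static route bound to one firewall interface.

    iface_cidr: the firewall's own address and mask on that interface
    dest_cidr:  the remote network the route should reach
    gateway:    the next hop configured for the route
    """
    iface = ipaddress.ip_interface(iface_cidr)
    dest = ipaddress.ip_network(dest_cidr)
    gw = ipaddress.ip_address(gateway)
    problems = []

    # The case from the thread: the route points back at the firewall itself.
    if gw == iface.ip:
        problems.append("gateway is the firewall's own interface address")

    # A next hop must be reachable on the directly connected subnet.
    if gw not in iface.network:
        problems.append("gateway is not on the interface's connected subnet")
    elif gw in (iface.network.network_address, iface.network.broadcast_address):
        problems.append("gateway is the network or broadcast address")

    # A gateway inside the destination network cannot be reached without the route.
    if gw in dest:
        problems.append("gateway lies inside the destination network")

    # A route for a network that is already directly connected is suspect.
    if dest.overlaps(iface.network):
        problems.append("destination overlaps the connected subnet")

    return problems


if __name__ == "__main__":
    # Addresses from the diagram in the thread; the /24 LAN mask is assumed.
    lan = "192.168.2.1/24"
    for gw in ("192.168.2.1", "192.168.2.2", "192.168.100.254"):
        issues = check_static_route(lan, "192.168.100.0/24", gw)
        print(gw, "->", issues or "ok")
```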