 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Don Munyak <don dot munyak at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Lost inbound traffic to webservers
 Date:  Mon, 28 Mar 2005 10:54:07 -0500
On Mon, 28 Mar 2005 10:08:02 -0500, Don Munyak <don dot munyak at gmail dot com> wrote:
> All of a sudden we lost the ability for inbound traffic to webserver.
> m0n0wall 1.1 running on pc workstation
> webserver traffic setup using NAT 1:1
> Rules allow only http/https
> 
> This was running fine Saturday night.
> 
> I setup as a test to ping the dedicated m0n0wall WAN IP with ICMP
> I can ping the WAN IP.
> 
> I allowed ICMP for one of the webserver IPs
> ICMP times out
> 
> For an IP I am using NAT 1:1 for a webserver, when I PING that
> interface, ICMP times out and monowall does not report a firewall rule
> log.
> 
> From a console session into the border router, trying to PING a
> webserver IP that I am allowing in the rules, the console ping times
> out.
> 
> From a console session into the border router, trying to PING a
> webserver IP that I am NOT allowing in the rules, the console ping
> times out AND m0n0wall does not report a firewall rule in the log file
> 
> It's like, now that there are employees in the building, NAT 1:1
> stopped working.
> The m0n0wall doesn't appear to be translating the additional IPs any more.
> There is also now a lot of traffic showing up in the log for the
> monowall WAN IP.
> 

If I understand correctly, you can't ping from m0n0wall to the DMZ
servers, and can't ping from the DMZ servers to the OPT interface. 
Sounds like you've lost link between the switch with the servers and
m0n0wall.  Check your cabling, NIC, and link lights.

-Chris