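The non-working config
<?xml version="1.0" ?>
<!--
  m0n0wall configuration as posted to the mailing list; the reported
  symptom is no internet connectivity from LAN or DMZ.
  The "- " tree markers left by the XML viewer it was copied from are
  removed so the document is well-formed. Element values are unchanged.
  NOTE(review): this dump includes credential material (admin password
  hash, RADIUS shared secret, SNMP community string). Once published,
  all three should be considered exposed and changed on the device.
-->
<m0n0wall>
  <version>1.4</version>
  <system>
    <hostname>m0n0wall</hostname>
    <domain>local</domain>
    <username>admin</username>
    <!-- $1$ prefix = MD5-crypt hash of the admin password; salted, but open to offline guessing once public. -->
    <password>$1$fmCEUCms$D43ePTxQ45EYXu7.sytDY1</password>
    <timezone>Etc/UTC</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>pool.ntp.org</timeservers>
    <webgui>
      <!-- Admin GUI over plain HTTP: the login crosses the network unencrypted. https is the alternative value (confirm for this firmware). -->
      <protocol>http</protocol>
      <port />
    </webgui>
    <dnsserver>192.168.1.10</dnsserver>
    <dnsserver>216.229.224.5</dnsserver>
  </system>
  <interfaces>
    <lan>
      <if>xl0</if>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
    </lan>
    <wan>
      <if>xl2</if>
      <mtu />
      <blockpriv />
      <spoofmac />
      <!-- WAN's own address; the same address reappears as a /32 under <proxyarp> below. -->
      <ipaddr>216.229.224.70</ipaddr>
      <subnet>24</subnet>
      <gateway>216.229.224.1</gateway>
    </wan>
    <opt1>
      <if>xl1</if>
      <descr>DMZ</descr>
      <ipaddr>10.0.0.1</ipaddr>
      <subnet>24</subnet>
      <bridge />
      <enable />
    </opt1>
  </interfaces>
  <staticroutes />
  <pppoe />
  <pptp />
  <bigpond />
  <dyndns>
    <type>dyndns</type>
    <username />
    <password />
    <host />
    <mx />
  </dyndns>
  <dhcpd>
    <lan>
      <enable />
      <range>
        <from>192.168.1.101</from>
        <to>192.168.1.200</to>
      </range>
      <staticmap>
        <mac>00:0D:61:4F:A1:7B</mac>
        <ipaddr>192.168.1.10</ipaddr>
        <descr>EXCHSRVR</descr>
      </staticmap>
      <staticmap>
        <mac>08:00:09:D1:F2:4F</mac>
        <ipaddr>192.168.1.20</ipaddr>
        <descr>HP LaserJet 5Si</descr>
      </staticmap>
      <staticmap>
        <mac>00:C0:85:29:1A:4C</mac>
        <ipaddr>192.168.1.21</ipaddr>
        <descr>Canon ImageRUNNER 400s</descr>
      </staticmap>
      <staticmap>
        <mac>00:30:C1:7A:2E:00</mac>
        <ipaddr>192.168.1.30</ipaddr>
        <descr>HP ProCurve 4000m</descr>
      </staticmap>
      <staticmap>
        <mac>00:06:25:F0:CE:61</mac>
        <ipaddr>192.168.1.31</ipaddr>
        <descr>Linksys BEFW11S4</descr>
      </staticmap>
      <defaultleasetime />
      <maxleasetime />
    </lan>
    <opt1>
      <range>
        <from>10.0.0.11</from>
        <to>10.0.0.19</to>
      </range>
      <defaultleasetime />
      <maxleasetime />
      <enable />
      <staticmap>
        <mac>00:10:5A:0D:B3:AD</mac>
        <ipaddr>10.0.0.2</ipaddr>
        <descr>STCDEV</descr>
      </staticmap>
      <staticmap>
        <mac>00:60:08:39:5C:FB</mac>
        <ipaddr>10.0.0.3</ipaddr>
        <descr>STC</descr>
      </staticmap>
      <staticmap>
        <mac>00:0C:6E:80:90:AF</mac>
        <ipaddr>10.0.0.5</ipaddr>
        <descr>PRODUCTION</descr>
      </staticmap>
      <staticmap>
        <mac>00:10:5A:07:15:E3</mac>
        <ipaddr>10.0.0.8</ipaddr>
        <descr>MAIL</descr>
      </staticmap>
      <staticmap>
        <mac>00:10:5A:07:15:7E</mac>
        <ipaddr>10.0.0.10</ipaddr>
        <descr>SERVER</descr>
      </staticmap>
      <staticmap>
        <mac>08:00:4E:A1:22:78</mac>
        <ipaddr>10.0.0.32</ipaddr>
        <descr>3Com SuperStack</descr>
      </staticmap>
      <winsserver>216.229.224.79</winsserver>
      <winsserver>216.229.224.4</winsserver>
    </opt1>
  </dhcpd>
  <pptpd>
    <mode>server</mode>
    <redir />
    <localip>192.168.1.11</localip>
    <remoteip>192.168.1.32</remoteip>
    <radius>
      <enable />
      <server>192.168.1.10</server>
      <!-- RADIUS shared secret in clear text; after this post it should be replaced on both the firewall and the RADIUS server. -->
      <secret>Golf4l|f</secret>
    </radius>
  </pptpd>
  <dnsmasq>
    <enable />
  </dnsmasq>
  <snmpd>
    <syslocation />
    <syscontact />
    <!-- Read-only community left at the well-known value "public". -->
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag>
    <ipv6nat>
      <ipaddr />
    </ipv6nat>
  </diag>
  <bridge />
  <syslog />
  <nat>
    <!-- Server NAT: additional public addresses available to the inbound rules below. -->
    <servernat>
      <ipaddr>216.229.224.71</ipaddr>
      <descr>EXCHSRVR</descr>
    </servernat>
    <servernat>
      <ipaddr>216.229.224.72</ipaddr>
      <descr>STCDEV</descr>
    </servernat>
    <servernat>
      <ipaddr>216.229.224.73</ipaddr>
      <descr>STC</descr>
    </servernat>
    <servernat>
      <ipaddr>216.229.224.75</ipaddr>
      <descr>PRODUCTION</descr>
    </servernat>
    <servernat>
      <ipaddr>216.229.224.78</ipaddr>
      <descr>MAIL</descr>
    </servernat>
    <!-- Inbound NAT: each rule forwards one public address/port to one internal host/port. -->
    <rule>
      <external-address>216.229.224.71</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>192.168.1.10</target>
      <local-port>80</local-port>
      <interface>wan</interface>
      <descr>EXCHSRVR HTTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.71</external-address>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>192.168.1.10</target>
      <local-port>443</local-port>
      <interface>wan</interface>
      <descr>EXCHSRVR HTTPS</descr>
    </rule>
    <rule>
      <external-address>216.229.224.71</external-address>
      <protocol>tcp</protocol>
      <external-port>6001</external-port>
      <target>192.168.1.10</target>
      <local-port>6001</local-port>
      <interface>wan</interface>
      <descr>EXCHSRVR RPC</descr>
    </rule>
    <rule>
      <external-address>216.229.224.71</external-address>
      <protocol>tcp</protocol>
      <external-port>6002</external-port>
      <target>192.168.1.10</target>
      <local-port>6002</local-port>
      <interface>wan</interface>
      <descr>EXCHSRVR RPC</descr>
    </rule>
    <rule>
      <external-address>216.229.224.71</external-address>
      <protocol>tcp/udp</protocol>
      <external-port>25</external-port>
      <target>192.168.1.10</target>
      <local-port>25</local-port>
      <interface>wan</interface>
      <descr>EXCHSRVR SMTP</descr>
    </rule>
    <!-- FTP (21) carries logins in clear text; SSH on the same hosts is the encrypted alternative already forwarded. -->
    <rule>
      <external-address>216.229.224.72</external-address>
      <protocol>tcp</protocol>
      <external-port>21</external-port>
      <target>10.0.0.2</target>
      <local-port>21</local-port>
      <interface>wan</interface>
      <descr>STCDEV FTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.72</external-address>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>10.0.0.2</target>
      <local-port>22</local-port>
      <interface>wan</interface>
      <descr>STCDEV SSH</descr>
    </rule>
    <rule>
      <external-address>216.229.224.72</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>10.0.0.2</target>
      <local-port>80</local-port>
      <interface>wan</interface>
      <descr>STCDEV HTTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.72</external-address>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>10.0.0.2</target>
      <local-port>443</local-port>
      <interface>wan</interface>
      <descr>STCDEV HTTPS</descr>
    </rule>
    <!-- Database port forwarded from WAN; the paired filter rule allows any source. MySQL uses TCP only, so udp is unnecessary here. -->
    <rule>
      <external-address>216.229.224.72</external-address>
      <protocol>tcp/udp</protocol>
      <external-port>3306</external-port>
      <target>10.0.0.2</target>
      <local-port>3306</local-port>
      <interface>wan</interface>
      <descr>STCDEV MYSQL</descr>
    </rule>
    <rule>
      <external-address>216.229.224.73</external-address>
      <protocol>tcp</protocol>
      <external-port>21</external-port>
      <target>10.0.0.3</target>
      <local-port>21</local-port>
      <interface>wan</interface>
      <descr>STC FTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.73</external-address>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>10.0.0.3</target>
      <local-port>22</local-port>
      <interface>wan</interface>
      <descr>STC SSH</descr>
    </rule>
    <rule>
      <external-address>216.229.224.73</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>10.0.0.3</target>
      <local-port>80</local-port>
      <interface>wan</interface>
      <descr>STC HTTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.73</external-address>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>10.0.0.3</target>
      <local-port>443</local-port>
      <interface>wan</interface>
      <descr>STC HTTPS</descr>
    </rule>
    <rule>
      <external-address>216.229.224.75</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>10.0.0.5</target>
      <local-port>80</local-port>
      <interface>wan</interface>
      <descr>PRODUCTION HTTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.75</external-address>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>10.0.0.5</target>
      <local-port>443</local-port>
      <interface>wan</interface>
      <descr>PRODUCTION HTTPS</descr>
    </rule>
    <rule>
      <external-address>216.229.224.78</external-address>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>10.0.0.8</target>
      <local-port>22</local-port>
      <interface>wan</interface>
      <descr>MAIL SSH</descr>
    </rule>
    <rule>
      <external-address>216.229.224.78</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>10.0.0.8</target>
      <local-port>80</local-port>
      <interface>wan</interface>
      <descr>MAIL HTTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.78</external-address>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>10.0.0.8</target>
      <local-port>443</local-port>
      <interface>wan</interface>
      <descr>MAIL HTTPS</descr>
    </rule>
    <rule>
      <external-address>216.229.224.78</external-address>
      <protocol>tcp/udp</protocol>
      <external-port>25</external-port>
      <target>10.0.0.8</target>
      <local-port>25</local-port>
      <interface>wan</interface>
      <descr>MAIL SMTP</descr>
    </rule>
    <rule>
      <external-address>216.229.224.71</external-address>
      <protocol>tcp</protocol>
      <external-port>6004</external-port>
      <target>192.168.1.10</target>
      <local-port>6004</local-port>
      <interface>wan</interface>
      <descr>EXCHSRVR RPC</descr>
    </rule>
  </nat>
  <filter>
    <!--
      WAN rules: one per inbound NAT rule above, each matching the forwarded
      internal address/port with source "any", i.e. no source restriction.
      None of them has a <type> element, unlike the three pass rules at the
      end; presumably they are treated as pass (confirm against the firmware).
    -->
    <!-- descr is just "NAT" here; by address/port this pairs with the "STCDEV FTP" NAT rule. -->
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.2</address>
        <port>21</port>
      </destination>
      <descr>NAT</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.2</address>
        <port>22</port>
      </destination>
      <descr>NAT STCDEV SSH</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.2</address>
        <port>80</port>
      </destination>
      <descr>NAT STCDEV HTTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.2</address>
        <port>443</port>
      </destination>
      <descr>NAT STCDEV HTTPS</descr>
    </rule>
    <!-- MySQL reachable from any WAN source; a database port is normally limited to known source addresses. -->
    <rule>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.2</address>
        <port>3306</port>
      </destination>
      <descr>NAT STCDEV MYSQL</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.3</address>
        <port>21</port>
      </destination>
      <descr>NAT STC FTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.3</address>
        <port>22</port>
      </destination>
      <descr>NAT STC SSH</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.3</address>
        <port>80</port>
      </destination>
      <descr>NAT STC HTTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.3</address>
        <port>443</port>
      </destination>
      <descr>NAT STC HTTPS</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.5</address>
        <port>80</port>
      </destination>
      <descr>NAT PRODUCTION HTTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.5</address>
        <port>443</port>
      </destination>
      <descr>NAT PRODUCTION HTTPS</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.8</address>
        <port>22</port>
      </destination>
      <descr>NAT MAIL SSH</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.8</address>
        <port>25</port>
      </destination>
      <descr>NAT MAIL SMTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.8</address>
        <port>80</port>
      </destination>
      <descr>NAT MAIL HTTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>10.0.0.8</address>
        <port>443</port>
      </destination>
      <descr>NAT MAIL HTTPS</descr>
    </rule>
    <!-- The EXCHSRVR rules below open WAN ports to 192.168.1.10, a host on the LAN rather than the DMZ. -->
    <rule>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>192.168.1.10</address>
        <port>25</port>
      </destination>
      <descr>NAT EXCHSRVR SMTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>192.168.1.10</address>
        <port>80</port>
      </destination>
      <descr>NAT EXCHSRVR HTTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>192.168.1.10</address>
        <port>443</port>
      </destination>
      <descr>NAT EXCHSRVR HTTPS</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>192.168.1.10</address>
        <port>6001</port>
      </destination>
      <descr>NAT EXCHSRVR RPC</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>192.168.1.10</address>
        <port>6002</port>
      </destination>
      <descr>NAT EXCHSRVR RPC</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <address>192.168.1.10</address>
        <port>6004</port>
      </destination>
      <descr>NAT EXCHSRVR RPC</descr>
    </rule>
    <!-- DMZ egress: <not /> inverts the destination, so DMZ hosts may reach everything except the LAN network. -->
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <source>
        <network>opt1</network>
      </source>
      <destination>
        <network>lan</network>
        <not />
      </destination>
      <descr>Allow DMZ access to any except LAN</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any />
      </destination>
      <descr>Allow LAN access to any</descr>
    </rule>
    <!-- Only tcp is passed for PPTP clients; UDP (e.g. DNS) and ICMP from VPN clients match none of the rules shown. -->
    <rule>
      <type>pass</type>
      <interface>pptp</interface>
      <protocol>tcp</protocol>
      <source>
        <any />
      </source>
      <destination>
        <any />
      </destination>
      <descr>Allow PPTP to access any</descr>
    </rule>
  </filter>
  <shaper />
  <ipsec />
  <aliases />
  <!--
    NOTE(review): the proxy ARP list does not line up with the Server NAT list.
    216.229.224.70/32 is the WAN interface's own address, and 216.229.224.71
    (EXCHSRVR in Server NAT) has no entry here. Possibly related to the
    reported loss of connectivity; confirm. The .75 entry is labelled DOTNET
    here but PRODUCTION under Server NAT.
  -->
  <proxyarp>
    <proxyarpnet>
      <network>216.229.224.70/32</network>
      <descr>Default</descr>
    </proxyarpnet>
    <proxyarpnet>
      <network>216.229.224.72/32</network>
      <descr>STCDEV</descr>
    </proxyarpnet>
    <proxyarpnet>
      <network>216.229.224.73/32</network>
      <descr>STC</descr>
    </proxyarpnet>
    <proxyarpnet>
      <network>216.229.224.75/32</network>
      <descr>DOTNET</descr>
    </proxyarpnet>
    <proxyarpnet>
      <network>216.229.224.78/32</network>
      <descr>MAIL</descr>
    </proxyarpnet>
  </proxyarp>
  <wol />
</m0n0wall>

-----Original Message-----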
From: Will Dyson [mailto:will dot dyson at gmail dot com]
Sent: Friday, March 25, 2005 12:09 PM
To: David Cavanaugh
Subject: Re: [m0n0wall] Just need some clarification (or I need some had-holding)

On Fri, 25 Mar 2005 11:30:41 -0500, David Cavanaugh <dcavanaugh at thewebpros dot net> wrote:
> O.K. Now I feel like an idiot:
>
> I have ten public IPs. I want to route five of them through m0n0wall's
> WAN port to the OPT1 (now called DMZ) port. I set appropriate entries in
> the Server NAT dialogue, Proxy ARP, inbound NAT / firewall rules.
>
> Suffice to say it didn't work-- no internet connectivity from LAN or
> DMZ.

It always helps to tell us the version of the m0n0wall firmware. Without
that and an example of the non-working configuration file, it is really
hard to help you.

--
Will Dyson