 From:  Zach Lowry <zach at zachlowry dot net>
 To:  "James W. McKeand" <james at mckeand dot biz>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem accessing NATed services by private IP on Wireless Network
 Date:  Thu, 28 Apr 2005 10:33:49 -0500

James W. McKeand wrote:
| Could this be an iteration of the classic lannat issue?
| (http://www.m0n0.ch/wall/docbook/faq-lannat.html) But, because you are
| coming from the OPT/WI network it is somehow complicating things.

No, since I am trying to access the LAN IP directly.

| You shouldn't need any static routes. You have the DNS forwarder
| substituting the LAN IP for the Public IP for mail.zachlowry.com. The
| m0n0wall is the primary DNS for the WI network. You have the rules to
| allow "LAN to any" (default) and "WI to any" (would have added this) it
| should just work.

Let's ignore the DNS forwarder for a moment.

pbg4airport:~ zach$ ping 192.168.2.2
PING 192.168.2.2 (192.168.2.2): 56 data bytes
^C
--- 192.168.2.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
pbg4airport:~ zach$ ping 192.168.0.13
PING 192.168.0.13 (192.168.0.13): 56 data bytes
^C
--- 192.168.0.13 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss
pbg4airport:~ zach$ ssh 192.168.0.13
ssh: connect to host 192.168.0.13 port 22: Operation timed out
pbg4airport:~ zach$

There is 0 connectivity to these machines, and I'm using the IP. Note
that I'm using a different IP this time, that doesn't really matter,
except that this time it's a Server NAT IP, and it still doesn't work.

| The only thing I can think of is a stale DNS cache on the laptop (or
| any machine) in the WI network. The laptop *thinks* it knows the IP of
| mail.zachlowry.com (public IP) and does not query the m0n0wall for the
| DNS. If it is a Windows machine, running "ipconfig /flushdns" from a
| command prompt would purge the DNS Resolver cache.
|
| Hope this helps and that I'm not beating a dead horse...

It's not DNS. Does anyone have any other ideas?


--
Zach Lowry
MTSU, Murfreesboro, TN
zach at zachlowry dot net