[ previous ] [ next ] [ threads ]
 
 From:  "Toshiki Kaifu - FreeBSD Wireless" <toshiki at confero24 dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with static address
 Date:  Sat, 7 May 2005 10:29:19 -0100 (GMT+1)
Very hard to say accurately, without having a full picture of the
firewall's state.  But a couple of things you could check:

- Check if the right interface is mapped to the WAN port (Interfaces -
assign)
- If you see a public-ip assigned to WAN port Status -> Interfaces -
Finally go to Diagnostics -> Ping and try to reach some site outward.

If that ping works you know WAN is sending traffic out to the net.

- To begin trouble-shooting why traffic is not being receive on WAN I'd
look under Firewall -> NAT and/or Rules.  Under Rules set a really free
one like "allow all protocols, from anywhere on WAN" and try to ping the
box from somewhere across the Internet.

Ofcourse backing up your config and restarting the fw will also not hurt.

HTH

-- 
http://www.confero24.com

> Hi
>
> Info
> Version: 1.11 built on Thu Nov 11 23:02:41 CET 2004
> Platform: net45xx
> 3 interfaces, LAN(sis0), WAN(sis1), OPT1(sis2)
> Servers placed on OPT1
>
> I have just switched from PPPoE and a dynamic address to pure Ethernet
and a
> static IP address.
>
> But then I have stoped getting mail and people can't get to my web. My
log is filled with rejected packets.
>
> sis2 @0:17 b 10.2.34.5,25 -> 68.142.249.42,39996 PR tcp len 20 44 -AS IN
>
> I have the same filter and NAT rules as before.
>
> For some reason the m0n0wall rejects the answer packets back
> to the client.
>
> ipf makes a state entry for the packet but...
>
> 68.142.249.42 -> 10.2.34.5 ttl 475 pass 0x500a pr 6 state 2/3
>         pkts 20 bytes 1200      39996 -> 25 c170c9b1:261d74ab
>                                        (max c171a9b1:261e54ab)
>         5840<<0:57344<<0
>         pass in quick keep state        IPv4
>         pkt_flags & 2(b2) = b,          pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
>         interfaces: in sis1,sis2 out sis2,sis1
>
> Is there a simple explanation?
>
> /Anders Hagman
>
> --------------------------------------------------------------------- To
unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 
http://www.confero24.com | http://fbsd.confero24.com