To compleate the picture:
I had no trouble with outgoing or incomming mail, out or in surf, out or in
ftp and so on before switching the IP address on the WAN interface.
Everything have bin working for over one year.
After the switch from PPPoE to static address, I can still surf, send mail
(this for instans) and so on. But nobody can send an email to my server
through the firewall. The NAT roule is unchanged, stating port 25 should be
forwarded to my public mail server with the address 10.2.34.5 on port 25. A
filter roule is also stated to allow the incomming packet heading for my mail
server (auto generated). And it does, the packet reaches the server.
So far everything is as normal. But when my server responds to the SYN packet
from the client the firewall drops the packet not matching it with the state
As I see it the statefull packet inspection does not work.
I have reloaded, reconfigured, coold booted and so on.
Is there someone who know there ipf inside out that can help me?
Or perhaps tell me the simple thing I have missed.
Left for compleatness:
> Very hard to say accurately, without having a full picture of the
> firewall's state. But a couple of things you could check:
> - Check if the right interface is mapped to the WAN port (Interfaces -
> - If you see a public-ip assigned to WAN port Status -> Interfaces
> - Finally go to Diagnostics -> Ping and try to reach some site outward.
> If that ping works you know WAN is sending traffic out to the net.
> - To begin trouble-shooting why traffic is not being receive on WAN I'd
> look under Firewall -> NAT and/or Rules. Under Rules set a really free
> one like "allow all protocols, from anywhere on WAN" and try to ping the
> box from somewhere across the Internet.
> Ofcourse backing up your config and restarting the fw will also not hurt.
> > Hi
> > Info
> > Version: 1.11 built on Thu Nov 11 23:02:41 CET 2004
> > Platform: net45xx
> > 3 interfaces, LAN(sis0), WAN(sis1), OPT1(sis2)
> > Servers placed on OPT1
> > I have just switched from PPPoE and a dynamic address to pure Ethernet
> > and a
> > static IP address.
> > But then I have stoped getting mail and people can't get to my web.
> > My log is filled with rejected packets.
> > sis2 @0:17 b 10.2.34.5,25 -> 126.96.36.199,39996 PR tcp len 20 44 -AS IN
> > I have the same filter and NAT rules as before.
> > For some reason the m0n0wall rejects the answer packets back
> > to the client.
> > ipf makes a state entry for the packet but...
> > 188.8.131.52 -> 10.2.34.5 ttl 475 pass 0x500a pr 6 state 2/3
> > pkts 20 bytes 1200 39996 -> 25 c170c9b1:261d74ab
> > (max c171a9b1:261e54ab)
> > 5840<<0:57344<<0
> > pass in quick keep state IPv4
> > pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
> > pkt_security & ffff = 0, pkt_auth & ffff = 0
> > interfaces: in sis1,sis2 out sis2,sis1
> > Is there a simple explanation?
> > /Anders Hagman
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch