 From:  Jason King <jking at informs dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  LAN to DMZ problems
 Date:  Thu, 26 May 2005 08:59:43 -0500
I'm having some problems with my m0n0wall setup. This is a very strange 
occurrence and I'll try to be concise in my explanation of what is going on.

1. I have a class C network at 216.248.165.0.

2. The class C network is split in half at the router so that all 
traffic bound for 216.248.165.1-128 will be routed directly from the 
router...or, those machines are directly connected to the router. All 
traffic bound for 216.248.165.130-254 will be routed through my m0n0wall 
firewall and into my non-routable 10.0.0.0 DMZ.

3. My firewall uses 1:1 natting. For example, my website is at 
216.248.165.140, which is routed through the firewall first. Well in my 
1:1 natting, the outside ip of 216.248.165.140 nats to 10.0.0.140.

4. For testing purposes...all rules on all interfaces are set to allow 
all traffic through so we are not dealing with a rules issue. At least I 
don't think we are.

5. Now for the weird part. When someone from outside goes to 
www.informs.com, which has the outside ip of 216.248.165.140, my website 
within my DMZ with an IP of 10.0.0.140 comes up just fine. But when 
someone on the LAN interface goes to www.informs.com or 216.248.165.140, 
the page times out and never comes up. Now someone can go straight to 
10.0.0.140 from the LAN interface and that brings up the website just 
fine, it's only when they try and hit the outside IP that it stops working.

6. I did a tracert from the LAN and the trace appears to stop at the 
router that connects us to our ISP.

I have been unable to solve this issue for a while now. I'm not really 
sure what I'm missing.

I would appreciate any advice.

Jason King