 From:  "Daniel L. Hunter" <dhunter at techmethods dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  NAT not NATing
 Date:  Tue, 21 Jun 2005 10:20:45 -0400

I'm trying to get NAT working on a 25-30 computer network but I'm not 
able to access any of the services from outside of the network.  The 
services that I'm trying to access are available inside the network and 
are working properly (for testing purposes I'm trying to access SSH and 
HTTP).

I'm allowing Pings and I can ping the router from outside the network.

I've tried it with Proxy ARP enabled and disabled.  I've changed the 
rules around to try different variations.  I've tried to access 
different servers inside the network.  Nothing has made a difference.

I do have the rules for SSH set up to log successful attempts and it 
shows that the firewall is letting the traffic pass.  But I get a 
timeout every time I attempt to connect (and I did verify that I can SSH 
to another server from the client I'm using outside the network).

I'm probably missing something terribly obvious.  I'd appreciate any 
suggestions you might have.

Here's the setup:

______________________________
|cable modem                 |
|Gateway IP - ***.***.76.1   |
------------------------------
    |
    V
______________________
|m0n0wall - v. 1.2b8 |
|wan - ***.***.77.6  |
|lan - 192.9.200.1   |
|                    |
|WAN IP Assigned by  |
|modem using DHCP    |
----------------------
    |
    V
____________________________________
|48 port switch                    |
------------------------------------
| | | | | | | | | | | | | | | | | |
| | | | | | | | | | | | | | | | | |
V V V V V V V V V V V V V V V V V V
-----------------------------------------------------------------
| - rest of network using 192.9.200.x                           |
| - some assigned statically (192.9.200.1 - 192.9.200.99)       |
| - Others assigned dynamically (192.9.200.100 - 192.9.200.199) |
-----------------------------------------------------------------

I have Server NAT set up as follows:

External IP Address    Description
---------------------  ------------
***.***.77.6           DHCP IP

I have the following NAT Inbound rules set up:

If   Proto   Ext. Port Range   NAT IP                  Int. port range   Description
---  ------  ----------------  ----------------------  ----------------  ------------
WAN  TCP     22(SSH)           192.9.200.80            22(SSH)           SSH on RH1
                               (ext.: ***.***.77.6)
WAN  TCP     80(HTTP)          192.9.200.80            80(HTTP)          Web on W2003
                               (ext.: ***.***.77.6)

And I have the following firewall rules:

Interface   Rule    Proto   Source   Port   Destination   Port        Description
----------  -----   ------  -------  -----  ------------  -------     ------------
WAN         pass    TCP     *        *      *             22(SSH)     NAT - SSH
WAN         pass    TCP     *        *      *             80(HTTP)    NAT - HTTP
LAN         pass    TCP     *        *      *             22(SSH)     NAT - SSH
LAN         pass    TCP     *        *      *             80(HTTP)    NAT - HTTP


Thanks in advance for your help.

Danny

-- 

********************************************
Daniel L. Hunter
TechMethods, LLC
(p) 304-876-9103
(f) 304-876-9203
http://www.TechMethods.com
dhunter at TechMethods dot com
********************************************