 
 From:  sai <sonicsai at gmail dot com>
 To:  Tom <tomvaldes at comcast dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: NAT issues..
 Date:  Thu, 8 Sep 2005 10:03:13 +0500
In status.php, under ipfstat -nio,
I have the following rule (vr0 is the WAN interface)

@10 block in quick on vr0 proto udp from any port = 67 to 192.168.10.0/24 port = 68

There are also a number of other rules related to port 67 and port 68.
I was wondering why these are included by default by m0n0. I presume
that Tom's question is related to this.

sai


On 9/7/05, Tom <tomvaldes at comcast dot net> wrote:
> I'm having trouble with NATs.  I have a few other NATs.. ie SSH and SSL 
> which work fine, but I created a NAT today which doesn't work.
> this is the rule: (it's an allow rule)
> TCP/UDP 	* 	* 	10.0.0.35 	68
> 
> I also tried the above rule with only UDP
> 
> this is the NAT:
> WAN 	TCP/UDP 	68 	10.0.0.35 	68
> 
> I also tried this with UDP only
> 
> and here are the log entries with deny
> 22:49:41.272715 	WAN 	68.XX.XX.XX 	10.0.0.35, type unreach/port 	ICMP
> 22:49:41.234960 	WAN 	24.XX.XX.XX, port 67 	10.0.0.35, port 68 	UDP
> 10 	22:49:40.279696 	WAN 	68.XX.XX.XX 	10.0.0.35, type unreach/port 	ICMP
> 
> 
> I mostly get the entries about the port 68 UDP getting denied.
> 
> Also, I have the rule set to log anything handled by this rule but I 
> never see any "accept" entries related to this rule.
> 
> any ideas what I'm missing?
> 
> thanks,
> tom
> 
> Also, I ha
> 