[ previous ] [ next ] [ threads ]
 
 From:  Paul Taylor <PaulTaylor at winn dash dixie dot com>
 To:  "Joe Rodiguez Jr." <jrodriguezjr at gmail dot com>, Tom Anderson <tom at haremail dot net>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Webserver behind MonoWall
 Date:  Tue, 4 Oct 2005 10:14:07 -0400
The source port should be a range, from 1024-65535...  Leaving it set to any
source port probably isn't a big deal, but all requests from a web browser
should be sourced from 1024-65535.  If the incoming packets are sourced from
a port lower than that, it is probably a hack attempt of some sort.

Paul


-----Original Message-----
From: Joe Rodiguez Jr. [mailto:jrodriguezjr at gmail dot com] 
Sent: Tuesday, October 04, 2005 9:35 AM
To: Tom Anderson; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Webserver behind MonoWall

Hi, and thank you for responding. One question though, what do you suggest I
put for on the inbound rule where it asked to the external port range I have
it set to 80, however when I do this and select "Auto-add a firewall rule to
permit traffic through this NAT rule" at the bottom of the screen, it sets
up a firewall rule as follows:
      Proto Source Port Destination Port Description

      TCP  *  *  192.168.1.100  80 (HTTP)  NATed IIS Rule


Which is correct?  Do you see my confusion?

Thanks.

----- Original Message -----
From: "Tom Anderson" <tom at haremail dot net>
To: "Joe Rodiguez Jr." <jrodriguezjr at gmail dot com>; <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, October 04, 2005 12:23 AM
Subject: Re: [m0n0wall] Webserver behind MonoWall


> You need to set the source port to any, not 80.
>
> ----- Original Message -----
> From: "Joe Rodiguez Jr." <jrodriguezjr at gmail dot com>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Monday, October 03, 2005 9:49 PM
> Subject: [m0n0wall] Webserver behind MonoWall
>
>
> > Hi All,
> >
> > I have been searching high and low for an answer to this question in the
> > list and have not come to a definitive answer.
> >
> > I have a group of static IP's that have been assigned to me and I am
> > trying
> > to do a NAT for one of these IP's to an internal webserver with an
address
> > of 192.168.1.10.
> >
> > At this point I have set up a Server NAT address and inbound rules as
> > follows:
> >      If Proto Ext. port range NAT IP Int. port range Description
> >      WAN  TCP  21 (FTP)  192.168.1.10
> >      (ext.: 24.173.XXX.XXX)  21 (FTP)  Test FTP Server
> >      WAN  TCP  80 (HTTP)  192.168.1.10
> >      (ext.: 24.173.XXX.XXX) 80 (HTTP)  IIS Rule
> >
> > Now the FTP rule works great.  The HTTP one however does not work at
all,
> > I
> > can not seem to try get the web server to NAT correctly.
> >
> > Anyone know what I am doing wrong?
> >
> > Your help is greatly appreciated.
> >
> > Thanks,
> >
> > Joe
> >
>
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.11.9/116 - Release Date: 9/30/2005
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch