In all my posts I've had an identical IP for the DMZ interface.
Yes, the default gateway in our mail server matches the m0n0wall
DMZ interface IP address.
172.16.1.253/24 - LAN
111.111.111.67/28 - WAN
192.168.3.253/24 - DMZ
192.168.4.253/24 - LAN2
$ ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=40<POLLING>
        inet 172.16.1.253 netmask 0xffffff00 broadcast 172.16.1.255
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 111.111.111.67 netmask 0xfffffff0 broadcast 111.111.111.79
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
        status: active
fxp0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        options=40<POLLING>
        inet 192.168.3.253 netmask 0xffffff00 broadcast 192.168.3.255
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
sk1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.4.253 netmask 0xffffff00 broadcast 192.168.4.255
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (1000baseTX <half-duplex>)
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
$ netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            111.111.111.65     UGSc        2        0    sk0
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.16.1/24        link#1             UC          0        0    rl0
192.168.3          link#3             UC          1        0   fxp0
192.168.3.4        xx:xx:xx:xx:xx:xx  UHLW        1       53   fxp0    702
192.168.4          link#4             UC          0        0    sk1
111.111.111.64/28  link#2             UC          1        0    sk0
111.111.111.65     xx:xx:xx:xx:xx:xx  UHLW        3        0    sk0   1146
$ cat /cf/conf/config.xml
....
<interfaces>
<lan>
<if>rl0</if>
<ipaddr>172.16.1.253</ipaddr>
<subnet>24</subnet>
<media/>
<mediaopt/>
</lan>
<wan>
<if>sk0</if>
<mtu/>
<media/>
<mediaopt/>
<spoofmac/>
<ipaddr>111.111.111.67</ipaddr>
<subnet>28</subnet>
<gateway>111.111.111.65</gateway>
</wan>
<opt1>
<descr>DMZ</descr>
<if>fxp0</if>
<ipaddr>192.168.3.253</ipaddr>
<subnet>24</subnet>
<bridge/>
<enable/>
</opt1>
<opt2>
<descr>LAN2</descr>
<if>sk1</if>
<ipaddr>192.168.4.253</ipaddr>
<subnet>24</subnet>
<bridge/>
<enable/>
</opt2>
</interfaces>
<staticroutes/>
<pppoe/>
<pptp/>
<bigpond/>
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
<server/>
<port/>
</dyndns>
<dnsupdate/>
<dhcpd>
<lan>
<range>
<from>192.168.1.100</from>
<to>192.168.1.199</to>
</range>
</lan>
</dhcpd>
<pptpd>
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<dnsmasq>
<enable/>
</dnsmasq>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat>
<ipaddr/>
</ipv6nat>
</diag>
<bridge/>
<syslog>
<nentries>50</nentries>
<remoteserver/>
</syslog>
<nat>
<servernat>
<ipaddr>111.111.111.72</ipaddr>
<descr>Mail server</descr>
</servernat>
<rule>
<external-address>111.111.111.72</external-address>
<protocol>tcp</protocol>
<external-port>25</external-port>
<target>mail</target>
<local-port>25</local-port>
<interface>wan</interface>
<descr>allow SMTP to Mail server</descr>
</rule>
<advancedoutbound/>
</nat>
<filter>
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<address>mail</address>
<port>25</port>
</destination>
<log/>
<descr>NAT allow SMTP to Mail server</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<log/>
<descr>DMZ to any</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>Default LAN -> any</descr>
</rule>
</filter>
<shaper/>
<ipsec/>
<aliases>
<alias>
<name>mail</name>
<address>192.168.3.4</address>
<descr>Mail server</descr>
</alias>
</aliases>
<proxyarp>
<proxyarpnet>
<interface>wan</interface>
<network>111.111.111.72/32</network>
<descr>Mail server</descr>
</proxyarpnet>
</proxyarp>
....
Alexander,
On Sun, 22 Jan 2006 10:23:33 -0700
Jonathan Karras <jkarras at karras dot net> wrote:
>What is your monowall IP set to on the DMZ interface? I am having a hard
>time understanding because things are different between the first and
>last post. In the first post it looks like you have your DMZ interface
>set to 192.168.3.253 and in the last post it's set to 192.168.3.1. Either
>way, does the default gateway in your mail server match the DMZ interface
>IP address?
>
>Jonathan
>
>
>spamcop at ok dot ru wrote:
>> I think I've found the problem, but I don't know how to solve it.
>> If you do have any ideas, please let me know.
>>
>> $ netstat -nr
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>> default            111.111.111.65     UGSc        2        0    sk0
>> 127.0.0.1          127.0.0.1          UH          0        0    lo0
>> 172.16.1/24        link#1             UC          0        0    rl0
>> 192.168.3          link#3             UC          1        0   fxp0
>> 192.168.3.1        xx:xx:xx:xx:xx:xx  UHLW        0        1   fxp0   1184
>> 111.111.111.64/28  link#2             UC          1        0    sk0
>> 111.111.111.65     xx:xx:xx:xx:xx:xx  UHLW        3        0    sk0   1179
>>
>> $ route get -host 192.168.3.4
>>    route to: 192.168.3.4
>> destination: 192.168.3.0
>>        mask: 255.255.255.0
>>   interface: fxp0
>>       flags: <UP,DONE,CLONING>
>>  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
>>        0         0         0         0         0         0      1500       -47
>> $ telnet 111.111.111.72 25
>> Trying 111.111.111.72...
>> telnet: connect to address 111.111.111.72: Connection refused
>>
>> $ route get -host 192.168.3.4
>>    route to: 192.168.3.4
>> destination: 192.168.3.4
>>   interface: fxp0
>>       flags: <UP,HOST,DONE,LLINFO,WASCLONED>
>>  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
>>        0         0         0         0         0         0      1500      1194
>>
>> Alexander,
>>
>> On Sun, 22 Jan 2006 12:39:44 +0300
>> <spamcop at ok dot ru> wrote:
>>
>>> We're attempting to add multiple IPs on WAN to the m0n0wall and allow
>>> traffic to the Mail server placed in the DMZ.
>>> In our previous post I've shown what we've made.
>>>
>>> Externally we can't telnet to port 25 of 111.111.111.72
>>>
>>> $ telnet 111.111.111.72 25
>>> Trying 111.111.111.72...
>>> telnet: connect to address 111.111.111.72: Connection refused
>>>
>>> Diagnostics: Logs: Firewall:
>>> Act: accept, Time: 12:33:50.512685, If: WAN, Source: 85.21.108.189,port 4561,
>>> Destination: 192.168.3.4,port 25, Proto: TCP
>>>
>>> Alexander,
>>>
>>>
>>> On Sat, 21 Jan 2006 17:53:49 -0500
>>> Chris Buechler <cbuechler at gmail dot com> wrote:
>>>
>>>> On 1/21/06, spamcop at ok dot ru <spamcop at ok dot ru> wrote:
>>>>
>>>>>
>>>>> Can someone help please, what's wrong?
>>>>>
>>>>
>>>>
>>>> Either I really missed something, or you need to tell us what's wrong
>>>> first. What do you want to accomplish, what isn't working, etc. Then
>>>> maybe we can tell you how to fix it. :)
>>>>
>>>> -Chris
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail:
>>>>m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail:
>>>>m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>>
>>> ---
>>> Professional hosting for everyone - http://www.host.ru
>>>
>>
>>
>
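
An offline consistency check for the additional-WAN-IP setup posted in this message (server NAT entry, inbound NAT rule, alias and proxy ARP), as an added example that is not part of the original thread and not m0n0wall code. The `check_config` name, the `<m0n0wall>` wrapper element and static interface addresses are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the config.xml fragment in the message above and
# wrapped in a <m0n0wall> root element (an assumption) so it parses as one document.
SAMPLE = """<m0n0wall>
<interfaces>
 <lan><if>rl0</if><ipaddr>172.16.1.253</ipaddr><subnet>24</subnet></lan>
 <wan><if>sk0</if><ipaddr>111.111.111.67</ipaddr><subnet>28</subnet></wan>
 <opt1><if>fxp0</if><ipaddr>192.168.3.253</ipaddr><subnet>24</subnet></opt1>
</interfaces>
<dhcpd><lan><range><from>192.168.1.100</from><to>192.168.1.199</to></range></lan></dhcpd>
<nat>
 <servernat><ipaddr>111.111.111.72</ipaddr></servernat>
 <rule><external-address>111.111.111.72</external-address><target>mail</target>
  <local-port>25</local-port><interface>wan</interface></rule>
</nat>
<aliases><alias><name>mail</name><address>192.168.3.4</address></alias></aliases>
<proxyarp><proxyarpnet><network>111.111.111.72/32</network></proxyarpnet></proxyarp>
</m0n0wall>"""

def check_config(xml_text):
    """Cross-check NAT, proxy ARP, alias and DHCP entries against interface subnets."""
    root = ET.fromstring(xml_text)
    nets = {i.tag: ipaddress.ip_interface(
                f"{i.findtext('ipaddr')}/{i.findtext('subnet')}").network
            for i in root.find("interfaces")}
    aliases = {a.findtext("name"): a.findtext("address") for a in root.iter("alias")}
    servernat = {s.findtext("ipaddr") for s in root.iter("servernat")}
    parp = [ipaddress.ip_network(p.findtext("network")) for p in root.iter("proxyarpnet")]
    findings = []
    for rule in root.findall("nat/rule"):
        ext, target = rule.findtext("external-address"), rule.findtext("target")
        if ext not in servernat:
            findings.append(f"nat: {ext} has no servernat entry")
        if not any(ipaddress.ip_address(ext) in n for n in parp):
            findings.append(f"nat: {ext} is not covered by a proxy ARP entry")
        try:  # the target is either an alias name or a literal address
            tgt = ipaddress.ip_address(aliases.get(target, target))
        except ValueError:
            findings.append(f"nat: target '{target}' is not an alias or an address")
            continue
        if not any(tgt in n for name, n in nets.items() if name != "wan"):
            findings.append(f"nat: target {tgt} is on no internal interface subnet")
    for scope in root.findall("dhcpd/*"):  # reported whether or not DHCP is enabled
        ends = [ipaddress.ip_address(scope.findtext(f"range/{k}")) for k in ("from", "to")]
        if not all(e in nets[scope.tag] for e in ends):
            findings.append(f"dhcpd: {scope.tag} range {ends[0]}-{ends[1]} is outside {nets[scope.tag]}")
    return findings
```

On the sample, the NAT, alias and proxy ARP entries agree with each other; the only finding is the DHCP range, which lies outside the LAN subnet.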