 From:  <spamcop at ok dot ru>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Multiple IP on WAN connection problem.
 Date:  Sun, 22 Jan 2006 21:31:25 +0300

In all my posts I have an identical IP for the DMZ interface.
Yes, the default gateway in our mail server matches the m0n0wall
DMZ interface IP address.

172.16.1.253/24 - LAN
111.111.111.67/28 - WAN
192.168.3.253/24 - DMZ
192.168.4.253/24 - LAN2

$ ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=40<POLLING>
	inet 172.16.1.253 netmask 0xffffff00 broadcast 172.16.1.255
	ether xx:xx:xx:xx:xx:xx
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 111.111.111.67 netmask 0xfffffff0 broadcast 111.111.111.79
	ether xx:xx:xx:xx:xx:xx
	media: Ethernet autoselect (100baseTX <full-duplex,flag0,flag1>)
	status: active
fxp0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
	options=40<POLLING>
	inet 192.168.3.253 netmask 0xffffff00 broadcast 192.168.3.255
	ether xx:xx:xx:xx:xx:xx
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
sk1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.4.253 netmask 0xffffff00 broadcast 192.168.4.255
	ether xx:xx:xx:xx:xx:xx
	media: Ethernet autoselect (1000baseTX <half-duplex>)
	status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000

$ netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            111.111.111.65     UGSc        2        0    sk0
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.16.1/24        link#1             UC          0        0    rl0
192.168.3          link#3             UC          1        0   fxp0
192.168.3.4        xx:xx:xx:xx:xx:xx  UHLW        1       53   fxp0    702
192.168.4          link#4             UC          0        0    sk1
111.111.111.64/28  link#2             UC          1        0    sk0
111.111.111.65     xx:xx:xx:xx:xx:xx  UHLW        3        0    sk0   1146

$ cat /cf/conf/config.xml

....
	<interfaces>
		<lan>
			<if>rl0</if>
			<ipaddr>172.16.1.253</ipaddr>
			<subnet>24</subnet>
			<media/>
			<mediaopt/>
		</lan>
		<wan>
			<if>sk0</if>
			<mtu/>
			<media/>
			<mediaopt/>
			<spoofmac/>
			<ipaddr>111.111.111.67</ipaddr>
			<subnet>28</subnet>
			<gateway>111.111.111.65</gateway>
		</wan>
		<opt1>
			<descr>DMZ</descr>
			<if>fxp0</if>
			<ipaddr>192.168.3.253</ipaddr>
			<subnet>24</subnet>
			<bridge/>
			<enable/>
		</opt1>
		<opt2>
			<descr>LAN2</descr>
			<if>sk1</if>
			<ipaddr>192.168.4.253</ipaddr>
			<subnet>24</subnet>
			<bridge/>
			<enable/>
		</opt2>
	</interfaces>
	<staticroutes/>
	<pppoe/>
	<pptp/>
	<bigpond/>
	<dyndns>
		<type>dyndns</type>
		<username/>
		<password/>
		<host/>
		<mx/>
		<server/>
		<port/>
	</dyndns>
	<dnsupdate/>
	<dhcpd>
		<lan>
			<range>
				<from>192.168.1.100</from>
				<to>192.168.1.199</to>
			</range>
		</lan>
	</dhcpd>
	<pptpd>
		<mode/>
		<redir/>
		<localip/>
		<remoteip/>
	</pptpd>
	<dnsmasq>
		<enable/>
	</dnsmasq>
	<snmpd>
		<syslocation/>
		<syscontact/>
		<rocommunity>public</rocommunity>
	</snmpd>
	<diag>
		<ipv6nat>
			<ipaddr/>
		</ipv6nat>
	</diag>
	<bridge/>
	<syslog>
		<nentries>50</nentries>
		<remoteserver/>
	</syslog>
	<nat>
		<servernat>
			<ipaddr>111.111.111.72</ipaddr>
			<descr>Mail server</descr>
		</servernat>
		<rule>
			<external-address>111.111.111.72</external-address>
			<protocol>tcp</protocol>
			<external-port>25</external-port>
			<target>mail</target>
			<local-port>25</local-port>
			<interface>wan</interface>
			<descr>allow SMTP to Mail server</descr>
		</rule>
		<advancedoutbound/>
	</nat>
	<filter>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>mail</address>
				<port>25</port>
			</destination>
			<log/>
			<descr>NAT allow SMTP to Mail server</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>opt1</interface>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<log/>
			<descr>DMZ to any</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>lan</interface>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any/>
			</destination>
			<descr>Default LAN -&gt; any</descr>
		</rule>
	</filter>
	<shaper/>
	<ipsec/>
	<aliases>
		<alias>
			<name>mail</name>
			<address>192.168.3.4</address>
			<descr>Mail server</descr>
		</alias>
	</aliases>
	<proxyarp>
		<proxyarpnet>
			<interface>wan</interface>
			<network>111.111.111.72/32</network>
			<descr>Mail server</descr>
		</proxyarpnet>
	</proxyarp>
....

Alexander,

On Sun, 22 Jan 2006 10:23:33 -0700
  Jonathan Karras <jkarras at karras dot net> wrote:
>What is your monowall IP set to on the DMZ interface? I am having a hard
>time understanding because things are different between the first and
>last post. In the first post it looks like you have your DMZ interface
>set to 192.168.3.253 and in the last post it's set to 192.168.3.1. Either
>way, does the default gateway in your mail server match the DMZ interface
>IP address?
>
>Jonathan
>
>
>spamcop at ok dot ru wrote:
>> I think I've found the problem, but I don't know how to solve it.
>> If you do have any ideas, please let me know.
>> 
>> $ netstat -nr
>> Routing tables
>> 
>> Internet:
>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>> default            111.111.111.65     UGSc        2        0    sk0
>> 127.0.0.1          127.0.0.1          UH          0        0    lo0
>> 172.16.1/24        link#1             UC          0        0    rl0
>> 192.168.3          link#3             UC          1        0   fxp0
>> 192.168.3.1        xx:xx:xx:xx:xx:xx  UHLW        0        1   fxp0   1184
>> 111.111.111.64/28  link#2             UC          1        0    sk0
>> 111.111.111.65     xx:xx:xx:xx:xx:xx  UHLW        3        0    sk0   1179
>> 
>> $ route get -host 192.168.3.4
>>    route to: 192.168.3.4
>> destination: 192.168.3.0
>>        mask: 255.255.255.0
>>   interface: fxp0
>>       flags: <UP,DONE,CLONING>
>>  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
>>        0         0         0         0         0         0      1500       -47
>> $ telnet 111.111.111.72 25
>> Trying 111.111.111.72...
>> telnet: connect to address 111.111.111.72: Connection refused
>> 
>> $ route get -host 192.168.3.4
>>    route to: 192.168.3.4
>> destination: 192.168.3.4
>>   interface: fxp0
>>       flags: <UP,HOST,DONE,LLINFO,WASCLONED>
>>  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
>>        0         0         0         0         0         0      1500      1194
>> 
>> Alexander,
>> 
>> On Sun, 22 Jan 2006 12:39:44 +0300
>>  <spamcop at ok dot ru> wrote:
>> 
>>> We're attempting to add multiple IPs on WAN to the m0n0wall and allow
>>> traffic to the Mail server placed in DMZ.
>>> In our previous post I've shown what we've made.
>>>
>>> Externally we can't telnet to port 25 of 111.111.111.72
>>>
>>> $ telnet 111.111.111.72 25
>>> Trying 111.111.111.72...
>>> telnet: connect to address 111.111.111.72: Connection refused
>>>
>>> Diagnostics: Logs: Firewall:
>>> Act: accept, Time: 12:33:50.512685, If: WAN, Source: 85.21.108.189,port 4561, Destination: 192.168.3.4,port 25, Proto: TCP
>>>
>>> Alexander,
>>>
>>>
>>> On Sat, 21 Jan 2006 17:53:49 -0500
>>>  Chris Buechler <cbuechler at gmail dot com> wrote:
>>>
>>>> On 1/21/06, spamcop at ok dot ru <spamcop at ok dot ru> wrote:
>>>>
>>>>>
>>>>> Can someone help please, what's wrong?
>>>>>
>>>>
>>>>
>>>> Either I really missed something, or you need to tell us what's wrong
>>>> first.  What do you want to accomplish, what isn't working, etc.  Then
>>>> maybe we can tell you how to fix it.  :)
>>>>
>>>> -Chris
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: 
>>>>m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail: 
>>>>m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>>
>>> ---
>>> Professional hosting for everyone - http://www.host.ru
>
