Hello,

Can you ping www.mydomain.com from another connection to confirm that ICMP is not being blocked on the remote network? Blocking ICMP stops MTU Path Discovery from working properly, which causes all sorts of odd connectivity problems.

Kris.

----- Original Message -----
From: "Phil" <xphilz at gmail dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, March 15, 2006 9:34 PM
Subject: [m0n0wall] Mail problems - need advice please

Hi guys,

I am having a problem where I can't get mail through my mail client or through webmail, which goes like this;

- Can get to www.mydomain.com
- *Can't* get to www.mydomain.com/webmail
- *Can't* ping mail.mydomain.com
- *Can't* tracert to mail.mydomain.com
- Any tracert that I do will fail outside the m0n0, which is strange. It gets about 6 hops in and then fails 1-2 hops short of the destination.
- Can Telnet to mail.mydomain.com 25

I can get to all these locations from any other computer that is not behind my m0n0wall. I can also perform all the tests to places like yahoo, google, microsoft and other domains that I use with no problems.

It is a little strange, as all this has been working for as long as I have had the m0n0, which is about 2 years, and only with the recent update has all this stopped working.

I don't have any rules that would block mail or anything else complex. My setup is straightforward and simple. It is as follows;

- LAN - 192.168.1.1
- WAN - Dynamic from ISP - PPPoE
- DMZ - Static address from ISP - This is using 1:1 NAT.

The only inbound NAT\FW rules are for;

If   Proto  Ext. port range  NAT IP           Int. port range  Description
WAN  TCP    25 (SMTP)        DMZ IP (hidden)  25 (SMTP)        Allow SMTP to DMZ
WAN  TCP    80 (HTTP)        DMZ IP (hidden)  80 (HTTP)        allow http to www server in DMZ
WAN  TCP    3389             DMZ IP (hidden)  3389             allow RDP to DMZ
WAN  TCP    3390             LAN IP (hidden)  3390             RDP - dev
WAN  UDP    5060             LAN IP (hidden)  5060             Allow SIP
WAN  UDP    16382 - 20382    LAN IP (hidden)  16382 - 20382    Allow RTP

I have spent ages troubleshooting this with my ISP and Domain Registrar and there seem to be no problems at their end. Also, the fact that I can take my machine anywhere outside of my network and get 100% functionality seems to show it's a localised problem.

I have tried doing snaps in the fw logs as I try to connect to mail, ping and tracert, and I cannot see the traffic being blocked, which is even more confusing.

I am stuck for ideas on how to troubleshoot this further and I am open to suggestions to get this resolved. Please let me know what further info would be useful in troubleshooting this.

Thanks for any assistance in advance.

Cheers,
Phil.
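
A way to measure what Kris's reply is getting at, as an added example that is not part of the original thread: it binary-searches the largest ICMP echo that gets a reply with Don't Fragment set, so the result from behind the m0n0wall can be compared with one from another connection. The function names and the script name are hypothetical; the ping flags are those of Windows ping and Linux iputils ping. A PPPoE WAN normally carries at most 1492-byte packets, which corresponds to a 1464-byte payload.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host, payload):
    """Send one echo request of `payload` bytes with Don't Fragment set.

    Flags cover Windows ping and Linux iputils ping only.
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-f", "-l", str(payload), "-n", "1", "-w", "2000", host]
    else:
        cmd = ["ping", "-M", "do", "-s", str(payload), "-c", "1", "-W", "2", host]
    out = subprocess.run(cmd, capture_output=True).stdout
    return b"ttl=" in out.lower()  # only a real echo reply carries a TTL


def largest_df_payload(probe, lo=0, hi=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Returns None when even the smallest probe gets no reply. Assumes that
    if a size passes, every smaller size passes too.
    """
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo


def describe(payload):
    if payload is None:
        return "no echo reply at any size: ICMP echo is filtered or the host is down"
    return "largest unfragmented packet: %d bytes" % (payload + IP_ICMP_OVERHEAD)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: pmtu_probe.py HOST")
    host = sys.argv[1]
    print(describe(largest_df_payload(lambda size: ping_df(host, size))))
```

A result of "no echo reply at any size" from every connection points at ICMP filtering on the remote side; a size limit that appears only behind the firewall points at the local path.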