[ previous ] [ next ] [ threads ]
 
 From:  Phil <xphilz at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Mail problems - need advice please
 Date:  Thu, 16 Mar 2006 08:51:51 +1100
Hi Kristian,

I can ping all above paths from an external location without error.

Cheers,
Phil.

On 3/16/06, Kristian Shaw <monowall at wealdclose dot co dot uk> wrote:
>
> Hello,
>
> Can you ping www.mydomain.com from another connection to confirm that ICMP
> is not being blocked on the remote network?
>
> Blocking ICMP stops MTU Path Discovery from working properly which causes
> all sorts of odd connectivity problems.
>
> Kris.
> ----- Original Message -----
> From: "Phil" <xphilz at gmail dot com>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Wednesday, March 15, 2006 9:34 PM
> Subject: [m0n0wall] Mail problems - need advice please
>
>
> Hi guys,
>
> I am having a problem where I can't get mail through my mail client or
> through webmail which goes like this;
>
> - Can get to www.mydomain.com
> - *Can't* get to www.mydomain.com/webmail
> - *Can't* ping mail.mydomain.com
> - *Can't* tracert to mail.mydomain.com - Any tracert that I do will fail
> outside the m0n0 which is strange. It gets about 6 hops in and then failes
> 1-2 hops short of the destination.
> - Can Telnet to mail.mydomain.com 25
>
> I can get to all these locations from any other computer that is not
> behind
> my m0n0wall. I can also perform all the tests to places like yahoo,
> google,
> microsoft and other domains that I use with no problems.
>
> It is a little strange as all this has been working for as long as I have
> had the m0n0 which is about 2 years and only with the recent update has
> all
> this stopped working. I don't have any rules that would block mail or
> anything else complex. My setup is straightforward and simple. It is as
> follows;
>
> - LAN - 192.168.1.1
> - WAN - Dynamic from ISP - PPPoE
> - DMZ - Static address from ISP - This is using 1:1 NAT.
>
> The only inbound NAT\FW rules are for;
>
> If Proto                  Ext. port range     NAT IP                Int.
> port range     Description
> WAN TCP             25 (SMTP)           DMZ IP (hidden)    25 (SMTP)
> Allow SMTP to DMZ
> WAN TCP             80 (HTTP)            DMZ IP (hidden)    80
> (HTTP)          allow http to www server in DMZ
> WAN TCP             3389                   DMZ IP
> (hidden)    3389                  allow RDP to DMZ
> WAN TCP             3390                   LAN IP (hidden)
> 3390                  RDP - dev
> WAN  UDP           5060                   LAN IP (hidden)
> 5060                  Allow SIP
> WAN  UDP           16382 - 20382      LAN IP (hidden)     16382 -
> 20382     Allow RTP
>
> I have spent ages troubleshooting this with my ISP and Domain Registrar
> and
> there seems to be no problems there end. Also the fact that I can take my
> machine anywhere outside of my network and get 100% functionality seems to
> show its a localised problem.
>
> I have tried doing snaps in the fw logs as I try to connect to mail, ping
> and tracert and I can not see the traffic being blocked which is even more
> confusing.
>
> I am stuck for ideas on how to troubleshoot this further and I am open to
> suggestions to get this resolved. Please let me know what further info
> would
> be useful in troubleshooting this.
>
> Thanks for any assistance in advance.
>
> Cheers,
> Phil.
>
>
>