Phil wrote:
> Hi Kristian,
>
> I can ping all above paths from an external location without error.
>
> Cheers,
> Phil.
>
> On 3/16/06, Kristian Shaw <monowall at wealdclose dot co dot uk> wrote:
>> Hello,
>>
>> Can you ping www.mydomain.com from another connection to confirm that ICMP
>> is not being blocked on the remote network?
>>
>> Blocking ICMP stops MTU Path Discovery from working properly which causes
>> all sorts of odd connectivity problems.
>>
>> Kris.
>> ----- Original Message -----
>> From: "Phil" <xphilz at gmail dot com>
>> To: <m0n0wall at lists dot m0n0 dot ch>
>> Sent: Wednesday, March 15, 2006 9:34 PM
>> Subject: [m0n0wall] Mail problems - need advice please
>>
>>
>> Hi guys,
>>
>> I am having a problem where I can't get mail through my mail client or
>> through webmail which goes like this;
>>
>> - Can get to www.mydomain.com
>> - *Can't* get to www.mydomain.com/webmail
>> - *Can't* ping mail.mydomain.com
>> - *Can't* tracert to mail.mydomain.com - Any tracert that I do will fail
>>   outside the m0n0 which is strange. It gets about 6 hops in and then fails
>>   1-2 hops short of the destination.
>> - Can Telnet to mail.mydomain.com 25
>>
>> I can get to all these locations from any other computer that is not behind
>> my m0n0wall. I can also perform all the tests to places like yahoo, google,
>> microsoft and other domains that I use with no problems.
>>
>> It is a little strange as all this has been working for as long as I have
>> had the m0n0 which is about 2 years and only with the recent update has all
>> this stopped working. I don't have any rules that would block mail or
>> anything else complex. My setup is straightforward and simple. It is as
>> follows;
>>
>> - LAN - 192.168.1.1
>> - WAN - Dynamic from ISP - PPPoE
>> - DMZ - Static address from ISP - This is using 1:1 NAT.
>>
>> The only inbound NAT\FW rules are for;
>>
>> If   Proto  Ext. port range  NAT IP           Int. port range  Description
>> WAN  TCP    25 (SMTP)        DMZ IP (hidden)  25 (SMTP)        Allow SMTP to DMZ
>> WAN  TCP    80 (HTTP)        DMZ IP (hidden)  80 (HTTP)        allow http to www server in DMZ
>> WAN  TCP    3389             DMZ IP (hidden)  3389             allow RDP to DMZ
>> WAN  TCP    3390             LAN IP (hidden)  3390             RDP - dev
>> WAN  UDP    5060             LAN IP (hidden)  5060             Allow SIP
>> WAN  UDP    16382 - 20382    LAN IP (hidden)  16382 - 20382    Allow RTP

Hi,

create a rule allow icmp from WAN to WAN-IP of the m0n0wall and test it.

bye
Christoph

>>
>> I have spent ages troubleshooting this with my ISP and Domain Registrar and
>> there seems to be no problems their end. Also the fact that I can take my
>> machine anywhere outside of my network and get 100% functionality seems to
>> show it's a localised problem.
>>
>> I have tried doing snaps in the fw logs as I try to connect to mail, ping
>> and tracert and I can not see the traffic being blocked which is even more
>> confusing.
>>
>> I am stuck for ideas on how to troubleshoot this further and I am open to
>> suggestions to get this resolved. Please let me know what further info would
>> be useful in troubleshooting this.
>>
>> Thanks for any assistance in advance.
>>
>> Cheers,
>> Phil.
>>
>>
>

-- 
last words: "let's make the backup tomorrow"