On 3/17/06, sai <sonicsai at gmail dot com> wrote:
>
> On 3/16/06, jan gestre <m0n0wall dot list at gmail dot com> wrote:
> > i'm trying to setup my dmz using the OPT interface, tried to use 1:1 NAT and
> > Inbound NAT to no avail, i can't get it to work :(
> >
> > This is my network setup:
> >
> > [ASCII network diagram, garbled by line wrapping. Recoverable labels:
> > internet; WAN interface 203.xxx.xxx.xxx; monowall; LAN interface
> > 192.168.1.1/24; LAN clients; DMZ interface 192.168.2.1/24; DMZ;
> > webserver (192.168.2.3/24); mail server (192.168.2.2/24)]
> >
> > i did everything in the example but it's not working, can anybody help get
> > it to work.
> >
> > TIA
>
> (public IP address == real ip address as assigned to you from your ISP)
> (private IP == your internal network such as 192.168.2.1)
>
> Here is an example DMZ setting for a web server
>
> [1] Assign private IP address to your web server in the DMZ e.g. 192.168.2.2
>
> [2] menu: Firewall > NAT > Server NAT : here add the public IP address
> of the web server
>
> [3] in the Services menu > Proxy ARP add the public ip addresses
>
> [4] again in the Firewall menu > NAT > Inbound add the following rule
>
> * External address: public ip address of the server
> * Protocol: TCP (or as desired)
> * External port range from: HTTP
> * NAT IP: private ip address for server
> * Local port: HTTP
>
> [5] tick the box that says auto add rules.
>
> Don't really get your diagram (text wraps on gmail) but this should
> work. If it doesn't then try to explain in more detail what happens
> and what doesn't.
>
> sai
> sai
>

dear sai,

i isolated first the dmz from the network to be sure there is no problem with the setup i have in mind, then i followed everything you said up to the last detail.

1. ip address of squirrelmail+postfix = 192.168.101.2
2. server NAT = 203.xxx.xxx.xxx
3. proxy ARP = 203.xxx.xxx.xxx
4. inbound NAT:
   * external address = 203.xxx.xxx.xxx
   * protocol = TCP
   * external port = HTTP
   * NAT ip = 192.168.2.2
   * local port = HTTP
5. tick the boxes
6. then repeated the procedure for the SMTP port

end result = i still can't browse the gui of my squirrelmail, i tried browsing the said page from an ip address outside my lan and i can see the login page of my mailserver. tried sending mail to the outside and i saw from the mail logs that it was sent, but when i tried to send mail to my mailserver, i wasn't able to receive it, there's no entry in my mail.logs indicating the mail was rejected or accepted. i also checked the www.whatismyip.com, i got the ip of the monowall not the ip of the mailserver, is this result correct?

what more do i have to do in order for my mailserver to accept mails from outside? why is it that i can't see the web interface from within? is there a special tweaking in order for the LAN to see it?

TIA