 From:  "jan gestre" <m0n0wall dot list at gmail dot com>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ woes
 Date:  Sat, 18 Mar 2006 03:40:47 +0800
On 3/18/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>
> From: "jan gestre" <m0n0wall dot list at gmail dot com>
>
> > i isolated first the dmz from the network to be sure there is no problem
> > with the setup i have in mind, then i followed everything you said up to
> > the last detail.
>
> > 1. ip address of squirrelmail+postfix = 192.168.101.2
> > 2. server NAT = 203.xxx.xxx.xxx
> > 3. proxy ARP = 203.xxx.xxx.xxx
> > 4. inbound NAT:
> >    * external address = 203.xxx.xxx.xxx
> >    * protocol = TCP
> >    * external port = HTTP
> >    * NAT ip = 192.168.2.2
> >    * local port = HTTP
> > 5. tick the boxes
> > 6. then repeated the procedure for the SMTP port
>
> > end result = i still can't browse the gui of my squirrelmail, i tried
> > browsing the said page from an ip address outside my lan and i can see the
> > login page of my mailserver. tried sending mail to the outside and i saw
> > from the mail logs that it was sent, but when i tried to send mail to my
> > mailserver, i wasn't able to receive it, there's no entry in my
> > mail.logs indicating the mail was rejected or accepted. i also checked
> > www.whatismyip.com, i got the ip of the monowall not the ip of the
> > mailserver, is this result correct?
> > what more do i have to do in order for my mailserver to accept mails from
> > outside?
> > why is it that i can't see the web interface from within?
> > is there a special tweaking in order for the LAN to see it?
>
> I am having a very difficult time following what you have set up.  Let's
> try more simply.  What are the interface addresses on m0n0wall?  Something
> like
> WAN 131.107.0.15 (Microsoft...  Use the first 3 octets for your REAL IP address)
> LAN 192.168.1.1
> OPT1 192.168.2.1
> Mailserver 192.168.2.10
> Client machine 192.168.1.100
> Inbound NAT 131.107.0.16 (or xxx.xxx.xxx.16)
> 1:1 NAT 131.107.0.17
> Firewall Rules!!!!!!!!!!
>
>                                     Lee
>
>
don't quite follow what you're saying but here's my configuration:

WAN = 203.xxx.xxx.186
LAN = 192.168.1.1
DMZ = 192.168.2.1

i have three servers in my DMZ whose ip addresses are as follows:

mailserver = 203.xxx.xxx.190/29
web1       = 203.xxx.xxx.189/29
web2       = 203.xxx.xxx.188/29

i made a server NAT and proxy ARP for those addresses above and made an
inbound NAT for each as follows:

SMTP and HTTP = 192.168.2.2 <--- mailserver + squirrelmail
HTTP          = 192.168.2.3 <--- web1
HTTP          = 192.168.2.4 <--- web2

checked against whatismyip.com individually on each server machine and it
returned the ip of my monowall which is 203.xxx.xxx.186/29
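Added example (my own, not part of the thread): a small Python model of the address translations discussed above, to reason about the whatismyip result and to catch inbound NAT entries that point at an address no DMZ host actually has. It assumes m0n0wall's documented semantics (Server NAT plus inbound NAT forward inbound connections only; 1:1 NAT also rewrites the host's outbound source address) and uses constructed 203.0.113.x stand-ins for the masked 203.xxx.xxx.x addresses.

```python
from ipaddress import ip_address, ip_network

WAN_IP = "203.0.113.186"                # constructed stand-in for 203.xxx.xxx.186
DMZ_NET = ip_network("192.168.2.0/24")  # DMZ (OPT1) interface is 192.168.2.1

# Server NAT + inbound NAT entries as described in the thread (inbound-only):
# (public address, protocol, external port) -> (internal address, local port)
INBOUND_NAT = {
    ("203.0.113.190", "tcp", 25): ("192.168.2.2", 25),   # mailserver SMTP
    ("203.0.113.190", "tcp", 80): ("192.168.2.2", 80),   # squirrelmail
    ("203.0.113.189", "tcp", 80): ("192.168.2.3", 80),   # web1
    ("203.0.113.188", "tcp", 80): ("192.168.2.4", 80),   # web2
}


def inbound_target(dst_ip, proto, dport, table=INBOUND_NAT):
    """Internal (ip, port) an inbound connection is forwarded to, or None
    when no inbound NAT entry matches (nothing reaches the DMZ host)."""
    return table.get((dst_ip, proto, dport))


def outbound_source(src_ip, one_to_one=None):
    """Public source address an external host (e.g. whatismyip.com) sees.
    Server NAT is inbound-only, so only a 1:1 NAT entry for the host changes
    the outbound address; otherwise default outbound NAT uses the WAN IP."""
    one_to_one = one_to_one or {}
    return one_to_one.get(src_ip, WAN_IP)


def misdirected_entries(table, dmz_hosts):
    """Inbound NAT entries whose target is not the address of a known DMZ
    host (e.g. mapping to 192.168.2.2 while the server sits at 192.168.101.2)
    or lies outside the DMZ subnet; such entries forward traffic nowhere."""
    bad = []
    for key, (target_ip, _port) in table.items():
        if target_ip not in dmz_hosts or ip_address(target_ip) not in DMZ_NET:
            bad.append(key)
    return bad


if __name__ == "__main__":
    print(inbound_target("203.0.113.190", "tcp", 25))   # ('192.168.2.2', 25)
    # Server NAT only: the mailserver appears from the WAN address -> 203.0.113.186
    print(outbound_source("192.168.2.2"))
    # With a 1:1 NAT entry it would appear from its own public IP -> 203.0.113.190
    print(outbound_source("192.168.2.2", {"192.168.2.2": "203.0.113.190"}))
    # Mail server at 192.168.101.2 while the NAT entries target 192.168.2.2
    print(misdirected_entries(INBOUND_NAT, {"192.168.101.2", "192.168.2.3", "192.168.2.4"}))
```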