 From:  sai <sonicsai at gmail dot com>
 To:  "jan gestre" <m0n0wall dot list at gmail dot com>
 Cc:  "Lee Sharp" <leesharp at hal dash pc dot org>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ woes
 Date:  Sat, 18 Mar 2006 11:19:41 +0500
On 3/18/06, jan gestre <m0n0wall dot list at gmail dot com> wrote:
> On 3/18/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> >
> > From: "jan gestre" <m0n0wall dot list at gmail dot com>
> >
> > > i isolated first the dmz from the network to be sure there is no problem
> > > with the setup i have in mind, then i followed everything you said up to
> > > the last detail.
> >
> > > 1. ip address of squirrelmail+postfix = 192.168.101.2
> > > 2. server NAT = 203.xxx.xxx.xxx
> > > 3. proxy ARP = 203.xxx.xxx.xxx
> > > 4. inbound NAT:
> > >    * external address = 203.xxx.xxx.xxx
> > >    * protocol = TCP
> > >    * external port = HTTP
> > >    * NAT ip = 192.168.2.2
> > >    * local port = HTTP
> > > 5. tick the boxes
> > > 6. then repeated the procedure for the SMTP port
> >
> > > end result = i still can't browse the gui of my squirrelmail, i tried
> > > browsing the said page from an ip address outside my lan and i can see the
> > > login page of my mailserver. tried sending mail to the outside and i saw
> > > from the mail logs that it was sent, but when i tried to send mail to my
> > > mailserver, i wasn't able to receive it, there's no entry in my
> > > mail.logs indicating the mail was rejected or accepted. i also checked the
> > > www.whatismyip.com, i got the ip of the monowall not the ip of the
> > > mailserver, is this result correct?
> > > what more do i have to do in order for my mailserver to accept mails from
> > > outside?
> > > why is it that i can't see the web interface from within?
> > > is there a special tweaking in order for the LAN to see it?
> >
> > I am having a very difficult time following what you have set up.  Let's try
> > more simply.  What are the interface addresses on m0n0wall?  Something like
> > WAN 131.107.0.15 (Microsoft...  Use the first 3 octets for your REAL IP address)
> > LAN 192.168.1.1
> > OPT1 192.168.2.1
> > Mailserver 192.168.2.10
> > Client machine 192.168.1.100
> > Inbound NAT 131.107.0.16 (or xxx.xxx.xxx.16)
> > 1:1 NAT 131.107.0.17
> > Firewall Rules!!!!!!!!!!
> >
> >                                     Lee
> >
> >
> > don't quite follow what you're saying but here's my configuration:
>
>
> WAN = 203.xxx.xxx.186
> LAN = 192.168.1.1
> DMZ = 192.168.2.1
>
> i have three servers in my DMZ whose ip addresses are as follows:
>
> mailserver = 203.xxx.xxx.190/29
> web1        = 203.xxx.xxx.189/29
> web2        = 203.xxx.xxx.188/29
>
> i made a server NAT and proxy ARP for those addresses above and made an
> inbound NAT for each as follows:
>
> SMTP and HTTP  =  192.168.2.2  <--- mailserver + squirrelmail
> HTTP                  =  192.168.2.3 <--- web1
> HTTP                  =  192.168.2.4 <--- web2
>
> checked against whatismyip.com individually on each server machine and it
> returned the ip of my monowall which is 203.xxx.xxx.186/29
>
>
The result from whatsmyip is because of the NATing you are doing. Can
you check from outside the WAN if the traffic is getting through? Turn
on logging on your rules that allow WAN traffic to the DMZ.

sai