 From:  "jan gestre" <m0n0wall dot list at gmail dot com>
 To:  sai <sonicsai at gmail dot com>
 Cc:  "Lee Sharp" <leesharp at hal dash pc dot org>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ woes
 Date:  Sat, 18 Mar 2006 21:24:13 +0800
On 3/18/06, sai <sonicsai at gmail dot com> wrote:
>
> On 3/18/06, jan gestre <m0n0wall dot list at gmail dot com> wrote:
> > On 3/18/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> > >
> > > From: "jan gestre" <m0n0wall dot list at gmail dot com>
> > >
> > > > i isolated first the dmz from the network to be sure there is no problem
> > > > with the setup i have in mind, then i followed everything you said up to
> > > > the last detail.
> > >
> > > > 1. ip address of squirrelmail+postfix = 192.168.101.2
> > > > 2. server NAT = 203.xxx.xxx.xxx
> > > > 3. proxy ARP = 203.xxx.xxx.xxx
> > > > 4. inbound NAT:
> > > >    * external address = 203.xxx.xxx.xxx
> > > >    * protocol = TCP
> > > >    * external port = HTTP
> > > >    * NAT ip = 192.168.2.2
> > > >    * local port = HTTP
> > > > 5. tick the boxes
> > > > 6. then repeated the procedure for the SMTP port
> > >
> > > > end result = i still can't browse the gui of my squirrelmail, i tried
> > > > browsing the said page from an ip address outside my lan and i can see the
> > > > login page of my mailserver. tried sending mail to the outside and i saw
> > > > from the mail logs that it was sent, but when i tried to send mail to my
> > > > mailserver, i wasn't able to receive it, there's no entry in my
> > > > mail.logs indicating the mail was rejected or accepted. i also checked
> > > > the www.whatismyip.com, i got the ip of the monowall not the ip of the
> > > > mailserver, is this result correct?
> > > > what more do i have to do in order for my mailserver to accept mails from
> > > > outside?
> > > > why is it that i can't see the web interface from within?
> > > > is there a special tweaking in order for the LAN to see it?
> > >
> > > I am having a very difficult time following what you have set up.  Let's
> > > try more simply.  What are the interface addresses on m0n0wall?  Something
> > > like
> > > WAN 131.107.0.15 (Microsoft...  Use the first 3 octets for your REAL IP
> > > address)
> > > LAN 192.168.1.1
> > > OPT1 192.168.2.1
> > > Mailserver 192.168.2.10
> > > Client machine 192.168.1.100
> > > Inbound NAT 131.107.0.16 (or xxx.xxx.xxx.16)
> > > 1:1 NAT 131.107.0.17
> > > Firewall Rules!!!!!!!!!!
> > >
> > >                                     Lee
> > >
> > >
> > don't quite follow what you're saying but here's my configuration:
> >
> >
> > WAN = 203.xxx.xxx.186
> > LAN = 192.168.1.1
> > DMZ = 192.168.2.1
> >
> > i have three servers in my DMZ whose ip addresses are as follows:
> >
> > mailserver = 203.xxx.xxx.190/29
> > web1        = 203.xxx.xxx.189/29
> > web2        = 203.xxx.xxx.188/29
> >
> > i made a server NAT and proxy ARP for those addresses above and made an
> > inbound NAT for each as follows:
> >
> > SMTP and HTTP  =  192.168.2.2  <--- mailserver + squirrelmail
> > HTTP                  =  192.168.2.3 <--- web1
> > HTTP                  =  192.168.2.4 <--- web2
> >
> > checked against whatismyip.com individually on each of the server machines
> > and it returned the ip of my monowall which is 203.xxx.xxx.186/29
> >
> >
> The result from whatsmyip is because of the NATing you are doing. Can
> you check from outside the WAN if the traffic is getting through? Turn
> on logging on your rules that allow WAN traffic to the DMZ.
>
> sai
>

my DMZ is finally set up, i can now send and receive mails from the outside,
my only problem now is how will my LAN users be able to log in to the
squirrelmail login page by just typing the url of the site
http://mail.example.org instead of typing the internal ip address of the
server.
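
An added example, not part of the original message: a consistency check over the interface, proxy ARP and inbound NAT settings listed in the thread. It flags a forward whose target is not on an attached subnet, such as the 192.168.101.2 server address against the 192.168.2.x DMZ in the earlier message. The 203.0.113.x addresses are placeholders for the masked 203.xxx.xxx.xxx block, the /24 masks on LAN and DMZ are assumed, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed sample data. 203.0.113.0/24 (a documentation range) stands in for
# the masked 203.xxx.xxx.xxx block; the /24 masks on LAN and DMZ are assumed.
INTERFACES = {
    "WAN": ipaddress.ip_interface("203.0.113.186/29"),
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),
    "DMZ": ipaddress.ip_interface("192.168.2.1/24"),
}
PROXY_ARP = {"203.0.113.188", "203.0.113.189", "203.0.113.190"}
INBOUND_NAT = [
    {"ext": "203.0.113.190", "port": "SMTP", "target": "192.168.2.2"},
    {"ext": "203.0.113.190", "port": "HTTP", "target": "192.168.2.2"},
    {"ext": "203.0.113.189", "port": "HTTP", "target": "192.168.2.3"},
    {"ext": "203.0.113.188", "port": "HTTP", "target": "192.168.2.4"},
]


def check_inbound_nat(interfaces, proxy_arp, rules):
    """Return a list of problems found in the rule table (empty = consistent)."""
    wan = interfaces["WAN"]
    internal = [i.network for name, i in interfaces.items() if name != "WAN"]
    problems, seen = [], set()
    for rule in rules:
        ext = ipaddress.ip_address(rule["ext"])
        target = ipaddress.ip_address(rule["target"])
        label = f"{rule['ext']}:{rule['port']} -> {rule['target']}"
        # The external address must be a usable host address in the WAN subnet.
        if ext not in set(wan.network.hosts()):
            problems.append(f"{label}: external address not usable in {wan.network}")
        # Assumption (as in the thread): extra WAN-side addresses use proxy ARP.
        elif ext != wan.ip and rule["ext"] not in proxy_arp:
            problems.append(f"{label}: no proxy ARP entry for external address")
        # The NAT target must sit on a subnet the firewall is attached to.
        if not any(target in net for net in internal):
            problems.append(f"{label}: target not on an attached internal subnet")
        # One external address/port pair can only be forwarded to one host.
        if (rule["ext"], rule["port"]) in seen:
            problems.append(f"{label}: duplicate external address/port")
        seen.add((rule["ext"], rule["port"]))
    return problems


if __name__ == "__main__":
    for line in check_inbound_nat(INTERFACES, PROXY_ARP, INBOUND_NAT) or ["consistent"]:
        print(line)
```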