 From:  "Peter K." <peter dot k at gmx dot at>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: DMZ Issues for the 400th Time
 Date:  Thu, 20 Apr 2006 17:17:35 +0200 (MEST)
> TCP | * | * | 192.168.10.100 | 80 (HTTP)
should do it (at least for inbound NAT),
but I never did 1:1 NAT, so maybe the problem is there.
Try rebooting the firewall when you do a lot of configs; it helped me out with
some strange problems. I never thought of rebooting a m0n0 before that...



> From: NERD341 at softhome dot net
> To: "Brett Woodruff" <brett at skyways dot us>
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Re: DMZ Issues for the 400th Time
> Date: Thu, 20 Apr 2006 08:26:55 -0600
> 

> >from inside.  So I have been using my neighbor's internet and trying from the

> have to keep switching.) 
> 

> like 5 minutes then times out.  But I have Wall Watcher running and I see a lot

> at the time.  But it is blocking random hits on all addresses 154-158 so it is
> routing the traffic right.  I am also able to ping the web server from the
> M0n0Wall so I know there is traffic there.  So I assume it is still a rule
> issue; here is the list of all the rules I have on the DMZ interface:
> 
> TCP | DMZ net | 80 (HTTP)|  * | 80 (HTTP)
> TCP | * | * | 192.168.10.100 | 80 (HTTP)
> TCP | * | 80 (HTTP) | ! LAN net | 80 (HTTP) 
> 
> 
> Brett Woodruff writes: 
> 
> > 
> > Looks like you're setting it up right on the DMZ...  But there is one thing
> > you're not realizing....  You can't access your internal servers by using your
> > external address while you're inside the local network.  As long as you're
> > behind the firewall too, you have to use the private address...  If you can
> > get an internet connection from outside the firewall, i.e. neighbor, dialup,
> > etc., you should be able to access your internal servers from the external
> > address... as you are trying to do...
> > 
> > Brett
> > -----Original Message-----
> > From: dasz [mailto:daszylstra at comcast dot net] 
> > Sent: Wednesday, April 19, 2006 10:37 PM
> > To: NERD341 at softhome dot net; m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] DMZ Issues for the 400th Time  
> > 
> > 
> > ----- Original Message ----- 
> > From: <NERD341 at softhome dot net>
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Sent: Wednesday, April 19, 2006 10:32 PM
> > Subject: [m0n0wall] DMZ Issues for the 400th Time 
> > 
> > 
> >>I have been reading the M0n0Wall mailing list for some time and still can't
> >>find a fix for my problem; I am trying to set up a DMZ.  I know this has
> >>been asked a million times but I must be missing something and would
> >>appreciate a hand.  Here is a little backstory on my network.  I have a
> >>Generic-PC setup (P3 with a 4 gig HD, 512 MB of RAM) with 5 network cards.
> >>I have 5 static IP <X.X.X.154-158> addresses I would like to use for
> >>servers.  I currently have my servers on the outside of my firewall to be
> >>operational.
> >> Here is my network diagram.
> >> WAN (X.X.X.154)
> >> LAN (192.168.1.1)
> >>  <DHCP - PC's and Other IP Random Stuff>
> >> DMZ (192.168.10.1)
> >>   <192.168.10.100> - Server 1 (WWW1 and Mail) (X.X.X.155)
> >>   <192.168.10.110> - Server 2 (WWW2) (X.X.X.156)
> >>   <192.168.10.120> - Server 3 (Dev) (X.X.X.157)
> >>   <192.168.10.130> - Server 4 (Other) (X.X.X.158)
> >> WLAN (192.168.2.1)
> >>   <DHCP - Private Wireless>
> >> WLAN_PUBLIC (192.168.5.1)
> >>    <DHCP - Public Wireless>
> >> I have PROXY ARP set up to listen for IP X.X.X.155-158.  I have captive
> >> portal active on WLAN_PUBLIC and Outbound NAT set up for LAN, WLAN, and
> >> WLAN_PUBLIC.  1:1 NAT set up to the above config.
> >> Now this is where I get a little confused.  Which interface do I need to
> >> set the rules up on to allow traffic to my servers?  I have been testing
> >> this by allowing HTTP to Server 1, Rule like TCP | * | 80 |
> >> 192.168.10.100 | 80 on the DMZ interface.  Is this RIGHT?  I am unable to
> >> access the server by using the IP .154.  I did add a rule of TCP | * | * |
> >> X.X.X.154 | 8080 so I could remote admin the firewall for testing, and
> >> this works fine.
> >> Any help on getting this working would be greatly appreciated.
> >
> > ---------------------------------------------------------------------
> > 
> > Try the rule with TCP | * | * | 192.168.10.100| 80    (the http client
> > doesn't normally use source port 80, just destination port 80) 
> > 
> > Also when I'm debugging my config I found the firewall log is very
> > helpful -- i.e. if you test http access that gets denied the log should show
> > the event with source IP/port and destination IP/port . . . .
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch 

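Added example (not part of the original thread): a small Python matcher for the `Proto | Source | Port | Destination | Port` rule notation quoted above, showing why the source-port-80 rule never matches a browser's connection while the `*` source-port rule does. The client address, its source port and the /24 masks are constructed; this models field matching only, not m0n0wall's NAT or interface handling.

```python
import ipaddress

# Interface aliases: addresses come from the thread, the /24 masks are assumed.
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ net": ipaddress.ip_network("192.168.10.0/24"),
}

def addr_matches(field, ip):
    """Match '*', an interface alias, or a host IP; a leading '!' inverts it."""
    negated = field.startswith("!")
    name = field.lstrip("! ")
    if name == "*":
        hit = True
    else:
        net = NETS[name] if name in NETS else ipaddress.ip_network(name)
        hit = ipaddress.ip_address(ip) in net
    return hit != negated

def port_matches(field, port):
    """'*' matches any port; '80 (HTTP)' matches only 80."""
    return field == "*" or int(field.split()[0]) == port

def matches(line, pkt):
    proto, src, sport, dst, dport = (f.strip() for f in line.split("|"))
    return (proto == pkt["proto"]
            and addr_matches(src, pkt["src"]) and port_matches(sport, pkt["sport"])
            and addr_matches(dst, pkt["dst"]) and port_matches(dport, pkt["dport"]))

# Constructed packet: an outside browser connecting to Server 1. The client
# uses an ephemeral source port; only the destination port is 80.
PKT = {"proto": "TCP", "src": "203.0.113.7", "sport": 51514,
       "dst": "192.168.10.100", "dport": 80}

RULES = [
    "TCP | * | 80 | 192.168.10.100| 80",            # original rule, source port 80
    "TCP | * | * | 192.168.10.100 | 80 (HTTP)",     # suggested rule, any source port
    "TCP | DMZ net | 80 (HTTP)|  * | 80 (HTTP)",
    "TCP | * | 80 (HTTP) | ! LAN net | 80 (HTTP)",
]

def evaluate():
    return [matches(rule, PKT) for rule in RULES]

if __name__ == "__main__":
    for rule, hit in zip(RULES, evaluate()):
        print("MATCH   " if hit else "no match", rule)
```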