 From:  "Francois Boulanger" <francois dot boulanger at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Using m0n0 under VMWare as a "real" firewall?
 Date:  Thu, 21 Sep 2006 13:02:46 -0400
MSN Messenger did not work, e-mail I did not try (Gmail. nothing more to
say!)

I tried using good ol' telnet, that didn't work either. Actually, as far as
telnet goes, the connection is accepted, but afterwards nothing happens.

I also tried sniffing the traffic on both adapters using Ethereal; the
initial connection seems to work (syn-synack-ack) but the connection from
m0n0 to the requested website gets reset afterwards. I still need to look
more into that; my TCP/IP skills are, well, far from optimal!

Also, I noticed that a lot of requests coming from the LAN (including
requests from the VMWare host itself) were rejected by m0n0. That seemed
odd, considering I did not set up any rules to block outgoing LAN traffic....
I'll look into that and post my findings and logs here.

Both of my NICs are built-in on my board; I'm using an MSI Platinum Neo2
Board, that has a built-in Nforce NIC and a built-in Gigabit NIC (forgot the
brand of the chipset).

I'll try swapping the NICs, who knows, that might do the trick.....

Thanks!

On 9/21/06, Jonathan Owens <niralisse at gmail dot com> wrote:
>
> I ran a similar setup for a bit while I waited for my Netvista to
> arrive. It sounds like you've done things well so far, as I don't see
> any obvious problems with your setup. One thing I encountered when doing
> this was an onboard NIC that simply didn't work for LAN access. The
> behavior was somewhat similar: the local machine could get to the LAN
> port via the bridged NIC, but no other machines would even get IP
> addresses. You might ensure that both NICs are of high quality before
> troubleshooting software further.
>
> Barring that, I have to say that the web-only failure of your other
> clients is rather strange, do other services (such as email) work?
> Typically if you can ping by hostname, you're home free, so try some
> other services and see what you get.
>
> Be patient, the VMWare m0n0wall is probably the most difficult platform
> to get running.
>
> Francois Boulanger wrote:
> > Hello! My old P133 that ran smoothwall blew up on me, so being a bit
> > adventurous, I decided it might be fun to run m0n0 under VMWare as the
> > primary firewall for my home.
> >
> > Has anybody ever tried (and succeeded) at doing this?
> >
> > A picture being worth a 1000 words, here's how the network is set up:
> > http://www.ioverflow.net/pics/m0n0_network.jpg
> >
> > But something's not right with my configuration. Here's what I know:
> >
> > - under VMWare's Network editor, VMNet2 is bridged to my PC's first NIC,
> > NIC1. (In Windows, that NIC has no protocols installed on it, except
> > for the VMWare bridge). This NIC is directly connected to my ADSL modem.
> > - under VMWare's Network editor, VMNet0 is bridged to my PC's second NIC,
> > NIC0. (In Windows, that NIC is configured with all protocols). This
> > NIC is connected to a switch which links all the PCs in the house.
> >
> > -my m0n0 virtual machine has Ethernet 1 - LAN assigned to VMnet0
> > -my m0n0 virtual machine has Ethernet 2 - WAN assigned to VMnet2
> >
> > m0n0 is configured correctly as far as I can see:
> > - it can connect and obtain an IP address from the ADSL modem
> > - On the PC that's hosting the Virtual m0n0, I can obtain a DHCP
> > address from m0n0 on GREEN (nic0) interface, and I can surf the web,
> > everything works perfectly.
> > - I did not set up any specific rules or NATting on m0n0. Outbound access
> > should work for all my LAN.
> >
> > But here's the problem: on the other workstation in the home
> > (workstation 1):
> > - I can obtain a DHCP address from m0n0
> > - I can access m0n0's webGUI
> > - I can ping m0n0
> > - I can ping m0n0's WAN IP
> > - I can ping m0n0's WAN gateway
> > - DNS resolution works fine
> > - I can even ping external websites using their IP and DNS,
> > - .... but, for reasons unknown, I cannot access anything on the
> > internet. Internet surfing, MSN, etc... nothing works. My browser seems
> > to connect, but waits for a while and says that the connection was reset.
> >
> > The behavior is identical in Linux or Windows. I tried replacing the hub
> > with a switch, same problem.
> >
> > Now, I don't consider myself a top notch network expert, but I'm no
> > slouch either, and I can't figure out what's wrong here. I've got more
> > info if you're interested in trying to solve this mystery... (Ethereal
> > packet sniffing on the WAN and the LAN, logs of dropped packets on m0n0
> > for no apparent reason, content of /status.php, etc).
> >
> > I'm stumped.
> >
> > Any ideas?
> >
> > Thanks!
> > Francois
> >