[ previous ] [ next ] [ threads ]
 
 From:  "Alex M" <radiussupport at lrcommunications dot net>
 To:  "'Michael Brown'" <knightmb at knightmb dot dyndns dot org>, "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] why cant i foward PORTS to my radius server?
 Date:  Sat, 30 Sep 2006 00:47:18 -0400
Um, I dint really get you... 
What I want is to be able to type the WAN IP of the router to access the
comp next to me on the same subnet (all port forwarding is setup) but for
some reason it doesn't work... doesn't work with radius, doesn't work with
my custom app that I'm building...

So here is once again what I have say forget about HTTP, let's take RADIUS
and CP for instance.

My radius server is at 192.168.1.100 when use that IP my CP works fine, but
when I use my WAN address the CP can't connect to radius. (Never the less
the remote subnet can connect to radius on the same IP)

Well I think my brain is not working at 1:00 AM on Friday night... but I
still can't get what is causing the problem?



-----Original Message-----
From: Michael Brown [mailto:knightmb at knightmb dot dyndns dot org] 
Sent: Saturday, September 30, 2006 12:29 AM
To: Alex M
Subject: Re: [m0n0wall] why cant i foward PORTS to my radius server?

WAN Bounce only works for the WAN address of the m0n0wall router.  If 
you have multiple IPs mapped to the same interface, those will not be 
bounceable. To be able to bounce, you have to enable the port on the WAN 
side via Firewall rules from *any* source (port 80 for example if you 
want website access).  To get more complex than that, you would need to 
use DNS forwarder to start using a lot of websites from within for ease 
of use.  I use the very thing you are talking about so I can work on 
website related stuff from within the network and people outside on the 
WAN will have the same access.  Much easier than having to type in the 
local address or machine name all the time.

Thanks,
Michael

Alex M wrote:
> Ok so it aberrantly works but it does eats all the packages so when ports
> scan is done the scanner doesn't know if packet was delivered or not (not
> good for testing, but also not good for hackers) PS: It = firewall
>
> Another thing that is driving me crazy is that I can't loop through the
wan
> address within the local net. 
>
> Ex: 
> Router Wan Address 188.38.0.40
> PC connected to that router: 192.168.1.50 (Comp A)
> HTTP Server on w/ that router: 192.168.1.51 (Server)
>
> Now when I connect to 192.168.1.51:80 locally all is good, but when I use
> Comp A and type WAN address http://188.38.0.40:80 im getting nowhere. I
> think whats what the warning on the nat page setup said that it is
> impossible to do!, but my D-Link router was able to do it and I damn need
> that functionality! Does any one knows how to make it possible to work?
>
>  
>
>  
>
> -----Original Message-----
> From: Sven Brill [mailto:madde at gmx dot net] 
> Sent: Friday, September 29, 2006 9:48 PM
> To: Alex M
> Subject: Re: [m0n0wall] why cant i foward PORTS to my radius server?
>
> Alex M wrote:
>   
>> Here is the setup:
>>
>> I set DMZ rule to pass anything from WAN to my local IP
>>
>> I created Inbound NAT Rule to forward 1812 and 1813 to my IP but when I
do
>> port scan it seams that all ports a stelthed. I even tried to rebut. but
>> nothing happens :-(
>>
>>   
>>     
>
> couple of questions to isolate the problem:
> what port scanner are you using?
> are you scanning the the WAN interface from the outside?
> which radius server is it?
> are you sure it only listens on these ports, not maybe 2083 ("Secure 
> Radius") or any arbitrary port? 1812 and 1813 are the standard ports, 
> but can be configured differently.
> can you see anything blocked in the logs (turn on "Log packets blocked 
> by the default rule" under Logs/Settings)?
>
> Sven
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>