[ previous ] [ next ] [ threads ]
 
 From:  "Alex M" <radiussupport at lrcommunications dot net>
 To:  "'Quark IT - Hilton Travis'" <Hilton at quarkit dot com dot au>, "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] why cant i foward PORTS to my radius server?
 Date:  Sat, 30 Sep 2006 20:57:16 -0400
Yes sure blocking everything is most secure but not always right choice.

Well ok let's assume your solution? But what DNS has to do with IP address?
Also I would prefer if mono could have this functionality build in and that
if some on needs it like me so we can enable it...  so maybe there is a
trick to make it happen with mono box by itself?




-----Original Message-----
From: Quark IT - Hilton Travis [mailto:Hilton at quarkit dot com dot au] 
Sent: Saturday, September 30, 2006 4:35 PM
To: Alex M
Subject: RE: [m0n0wall] why cant i foward PORTS to my radius server?

Hi Alex,

Of course you cannot use your External IP from your Internet LAN as that
would require dropping a lot of security that a real firewall (ie
m0n0wall compared to a D-Link router) affords.  An internal DNS Server
that maps "external.domain.name" to the Internal IP is the best way to
achieve your goal, or alternatively, use the internal address for
internal machines - this however doesn't take care of roaming machines
like the DNS solution does.

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.

                    Quark Group Pty. Ltd.
      T/A Quark Automation, Quark AudioVisual, Quark IT

> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Saturday, 30 September 2006 14:09
> To: 'Sven Brill'; Monowall Support List
> Subject: RE: [m0n0wall] why cant i foward PORTS to my radius server?
> 
> Ok so it aberrantly works but it does eats all the packages so when
> ports
> scan is done the scanner doesn't know if packet was delivered or not
> (not
> good for testing, but also not good for hackers) PS: It = firewall
> 
> Another thing that is driving me crazy is that I can't loop through
the
> wan
> address within the local net.
> 
> Ex:
> Router Wan Address 188.38.0.40
> PC connected to that router: 192.168.1.50 (Comp A)
> HTTP Server on w/ that router: 192.168.1.51 (Server)
> 
> Now when I connect to 192.168.1.51:80 locally all is good, but when I
> use
> Comp A and type WAN address http://188.38.0.40:80 im getting nowhere.
I
> think whats what the warning on the nat page setup said that it is
> impossible to do!, but my D-Link router was able to do it and I damn
> need
> that functionality! Does any one knows how to make it possible to
work?
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Sven Brill [mailto:madde at gmx dot net]
> Sent: Friday, September 29, 2006 9:48 PM
> To: Alex M
> Subject: Re: [m0n0wall] why cant i foward PORTS to my radius server?
> 
> Alex M wrote:
> > Here is the setup:
> >
> > I set DMZ rule to pass anything from WAN to my local IP
> >
> > I created Inbound NAT Rule to forward 1812 and 1813 to my IP but
when
> I do
> > port scan it seams that all ports a stelthed. I even tried to rebut.
> but
> > nothing happens :-(
> >
> >
> 
> couple of questions to isolate the problem:
> what port scanner are you using?
> are you scanning the the WAN interface from the outside?
> which radius server is it?
> are you sure it only listens on these ports, not maybe 2083 ("Secure
> Radius") or any arbitrary port? 1812 and 1813 are the standard ports,
> but can be configured differently.
> can you see anything blocked in the logs (turn on "Log packets blocked
> by the default rule" under Logs/Settings)?
> 
> Sven