 
 From:  "Marty Zigman" <marty dot zigman at prolecto dot com>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Dropped Connection on Additional / Multiple WAN IP Addresses
 Date:  Fri, 5 Jan 2007 23:12:51 -0800
Hi Lee,
 
Thank you for your review.  Below is our config file with sensitive information removed.  I noticed
that there are some minor NAT rules in our config that remained from when I was testing this on a firewall on
another network.  I do not believe these entries would have any impact on my situation.  
 
Related to my problem, many times I cannot connect to the service.  Today for example, I am not
able to connect through Terminal Services on .163.  I can connect on the .171 IP however.  The
definitions are the same to me.  So sometimes it lets me through, for about 30 seconds, and
sometimes not at all...  Could there be something going on with the switch?  Or the router?
 
<?xml version="1.0"?>
<m0n0wall>
 <version>1.6</version>
 <lastchange>1167936654</lastchange>
 <system>
  <hostname></hostname>
  <domain></domain>
  <dnsallowoverride/>
  <username></username>
  <password></password>
  <timezone>America/Los_Angeles</timezone>
  <time-update-interval>300</time-update-interval>
  <timeservers>pool.ntp.org</timeservers>
  <webgui>
   <protocol>http</protocol>
   <port/>
  </webgui>
  <dnsserver>64.81.45.2</dnsserver>
  <dnsserver>216.86.207.3</dnsserver>
 </system>
 <interfaces>
  <lan>
   <if>vr0</if>
   <ipaddr>192.168.168.1</ipaddr>
   <subnet>24</subnet>
   <media/>
   <mediaopt/>
  </lan>
  <wan>
   <if>rl0</if>
   <mtu/>
   <media/>
   <mediaopt/>
   <spoofmac/>
   <blockpriv/>
   <ipaddr>72.35.231.171</ipaddr>
   <subnet>28</subnet>
   <gateway>72.35.231.161</gateway>
  </wan>
  <opt1>
   <if>rl1</if>
   <descr>OPT1</descr>
  </opt1>
  <opt2>
   <if>rl2</if>
   <descr>OPT2</descr>
  </opt2>
 </interfaces>
 <staticroutes/>
 <pppoe/>
 <pptp/>
 <bigpond/>
 <dyndns>
  <type>dyndns</type>
  <username/>
  <password/>
  <host/>
  <mx/>
  <server/>
  <port/>
 </dyndns>
 <dnsupdate/>
 <dhcpd>
  <lan>
   <range>
    <from>192.168.200.100</from>
    <to>192.168.200.120</to>
   </range>
   <defaultleasetime/>
   <maxleasetime/>
  </lan>
 </dhcpd>
 <pptpd>
  <mode>server</mode>
  <redir/>
  <localip>192.168.168.191</localip>
  <remoteip>192.168.168.192</remoteip>
  <radius>
   <server/>
   <secret/>
  </radius>
  <user>
   <name></name>
   <ip/>
   <password></password>
  </user>
 </pptpd>
 <dnsmasq>
  <enable/>
  <regdhcp/>
 </dnsmasq>
 <snmpd>
  <syslocation/>
  <syscontact/>
  <rocommunity>public</rocommunity>
  <enable/>
 </snmpd>
 <diag>
  <ipv6nat>
   <ipaddr/>
  </ipv6nat>
 </diag>
 <bridge/>
 <syslog>
  <reverse/>
  <nentries>50</nentries>
  <remoteserver/>
  <rawfilter/>
 </syslog>
 <nat>
  <rule>
   <external-address>72.35.231.163</external-address>
   <protocol>tcp</protocol>
   <external-port>3389</external-port>
   <target>192.168.168.122</target>
   <local-port>3389</local-port>
   <interface>wan</interface>
   <descr>TS_LLNX_MSCRM01</descr>
  </rule>
  <rule>
   <external-address>72.35.231.171</external-address>
   <protocol>tcp</protocol>
   <external-port>443</external-port>
   <target>192.168.168.50</target>
   <local-port>443</local-port>
   <interface>wan</interface>
   <descr>HTTPS_Exchange01</descr>
  </rule>
  <rule>
   <external-address>72.35.231.171</external-address>
   <protocol>tcp</protocol>
   <external-port>3389</external-port>
   <target>192.168.168.26</target>
   <local-port>3389</local-port>
   <interface>wan</interface>
   <descr>TS_Staging01_171_2</descr>
  </rule>
  <servernat>
   <ipaddr>72.35.231.163</ipaddr>
   <descr>EXT_163</descr>
  </servernat>
  <servernat>
   <ipaddr>72.35.231.171</ipaddr>
   <descr>EXT_171</descr>
  </servernat>
 </nat>
 <filter>
  <rule>
   <type>pass</type>
   <interface>wan</interface>
   <protocol>icmp</protocol>
   <source>
    <any/>
   </source>
   <destination>
    <any/>
   </destination>
   <descr>WAN_ICMP_Echo</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>wan</interface>
   <protocol>tcp</protocol>
   <source>
    <any/>
   </source>
   <destination>
    <any/>
    <port>3389</port>
   </destination>
   <descr>TS_Pass</descr>
  </rule>
  <rule>
   <interface>wan</interface>
   <protocol>tcp</protocol>
   <source>
    <any/>
   </source>
   <destination>
    <address>192.168.200.3</address>
    <port>80</port>
   </destination>
   <descr>NAT Zigman01 HTTP</descr>
   <disabled/>
  </rule>
  <rule>
   <interface>wan</interface>
   <protocol>tcp</protocol>
   <source>
    <any/>
   </source>
   <destination>
    <address>192.168.168.50</address>
    <port>443</port>
   </destination>
   <descr>NAT HTTPS_Exchange01</descr>
  </rule>
  <rule>
   <type>pass</type>
   <interface>pptp</interface>
   <protocol>tcp</protocol>
   <source>
    <any/>
   </source>
   <destination>
    <any/>
   </destination>
   <descr>PPTP_Passthru</descr>
  </rule>
  <rule>
   <type>pass</type>
   <descr>Default LAN -&gt; any</descr>
   <interface>lan</interface>
   <source>
    <network>lan</network>
   </source>
   <destination>
    <any/>
   </destination>
  </rule>
 </filter>
 <shaper/>
 <ipsec/>
 <aliases>
  <alias>
   <name>zigman01</name>
   <address>192.168.200.1</address>
   <descr>Zigman01</descr>
  </alias>
 </aliases>
 <proxyarp>
  <proxyarpnet>
   <interface>wan</interface>
   <network>72.35.231.163/32</network>
   <descr>EXT_163</descr>
  </proxyarpnet>
 </proxyarp>
 <wol/>
</m0n0wall>

Marty
 

________________________________

From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
Sent: Thu 1/4/2007 9:19 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Dropped Connection on Additional / Multiple WAN IP Addresses

This should work as you describe, but your description of both server NAT
and a NAT rule have me confused.  Post your config.xml (with private stuff
removed) to be sure.
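An intermittently unreachable additional WAN IP is usually a mismatch between the three places m0n0wall needs to know about it (server NAT, proxy ARP, and a WAN pass rule), so a mechanical cross-check of the posted config is a quick way to rule that in or out. The script below is an added example, not part of the thread and not m0n0wall code: it parses a constructed excerpt that mirrors the structure of the config.xml above and reports, per inbound NAT rule, which supporting entry is missing. It assumes that a filter rule with no `<type>` element (as in the NAT-generated rules above) behaves as a pass rule.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt that mirrors the structure of the config.xml posted above:
# only the interface, NAT, filter and proxy ARP entries the check needs are kept.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<m0n0wall>
 <interfaces><wan><ipaddr>72.35.231.171</ipaddr><subnet>28</subnet></wan></interfaces>
 <nat>
  <rule><external-address>72.35.231.163</external-address><protocol>tcp</protocol>
   <external-port>3389</external-port><target>192.168.168.122</target><interface>wan</interface></rule>
  <rule><external-address>72.35.231.171</external-address><protocol>tcp</protocol>
   <external-port>443</external-port><target>192.168.168.50</target><interface>wan</interface></rule>
  <servernat><ipaddr>72.35.231.163</ipaddr></servernat>
  <servernat><ipaddr>72.35.231.171</ipaddr></servernat>
 </nat>
 <filter>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
   <source><any/></source><destination><any/><port>3389</port></destination></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol><source><any/></source>
   <destination><address>192.168.168.50</address><port>443</port></destination></rule>
 </filter>
 <proxyarp><proxyarpnet><interface>wan</interface><network>72.35.231.163/32</network></proxyarpnet></proxyarp>
</m0n0wall>"""

def _wan_rule_passes(rule, proto, port, target):
    """True when a wan filter rule admits proto/port to the NAT target (or to any host)."""
    # Assumption: a rule without <type>, like the NAT-generated ones above, counts as pass.
    if (rule.findtext("interface") != "wan" or rule.findtext("type", "pass") != "pass"
            or rule.findtext("protocol") != proto):
        return False
    dst = rule.find("destination")
    dst_ok = dst.find("any") is not None or dst.findtext("address") == target
    return dst_ok and dst.findtext("port") in (None, port)  # no <port> means any port

def audit_nat(xml_text):
    """Return (external_ip, port, finding) tuples for inbound NAT rules missing a dependency."""
    root = ET.fromstring(xml_text)
    wan_ip = root.findtext("interfaces/wan/ipaddr")
    servernat = {e.findtext("ipaddr") for e in root.findall("nat/servernat")}
    proxyarp = {e.findtext("network").split("/")[0] for e in root.findall("proxyarp/proxyarpnet")}
    findings = []
    for r in root.findall("nat/rule"):
        ext, proto, port, target = (r.findtext(t) for t in ("external-address", "protocol", "external-port", "target"))
        if ext != wan_ip and ext not in servernat:   # an additional IP must be declared as server NAT
            findings.append((ext, port, "no server NAT entry"))
        if ext != wan_ip and ext not in proxyarp:    # and answered on the wire via proxy ARP
            findings.append((ext, port, "no proxy ARP entry"))
        if not any(_wan_rule_passes(f, proto, port, target) for f in root.findall("filter/rule")):
            findings.append((ext, port, "no WAN pass rule"))
    return findings
```

On the excerpt as posted the audit returns no findings, which is consistent with Lee's remark that the setup should work; the same script run on the full config.xml will flag the entry if one of the three pieces has silently gone missing.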