 From:  "rlpumphrey at comcast dot net" <rlpumphrey at comcast dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: NAT configuration / troubleshooting
 Date:  Fri, 02 Feb 2007 20:31:17 -0700
First, sorry about the direct email. I was aiming for the list, but have not
responded too often.

You should not have a rule in the OPT1 rules with a destination of any IP on
the OPT1 subnet.

> >   Protocol:    TCP
> >   Source:      *
> >   Port:        *
> >   Destination: 192.168.2.100
> >   Port:        *

You should have a rule that allows traffic out of the OPT1 subnet.  But most likely not to the 
LAN subnet.

Protocol:  TCP
Source:  OPT1
Port: *
Destination: !LAN
Port: *

You need a rule in the WAN rules to allow traffic from the outside into the web server.

Protocol:  TCP
Source:  *
Port: *
Destination: 192.168.2.100
Port: HTTP (80)

What other rules do you have defined?  Is this a new setup?
The WAN IP address is xx.yy.105.90?
While I'm still new at this, I just put up a m0n0wall firewall with a setup not unlike yours.
These are very much like rules that I have on my WAN and OPT1.  I hope it helps.

On 2 Feb 2007 at 15:15, Thomas Brightbill wrote:

> 
> On Fri, 2 Feb 2007, Thomas Brightbill wrote:
> 
> > I also went to Firewall: Rules: OPT1 and entered the following
> >
> >   Protocol:    TCP
> >   Source:      *
> >   Port:        *
> >   Destination: 192.168.2.100
> >   Port:        *
> 
> Missing from my original post, I have the following under Firewall: Rules:
> WAN
> 
>   Protocol:     TCP
>   Source:       *
>   Port:         *
>   Destination:  192.168.2.100
>   Port:         *
> 
> At the suggestion of someone who e-mailed me off-list, I added under
> Firewall: Rules: OPT1
> 
>   Protocol:     TCP
>   Source:       192.168.2.100
>   Port:         *
>   Destination:  *
>   Port:         *
> 
> I checked the firewall log page and I can see entries with the following
> 
>   Act:          (deny symbol)
>   If:           WAN
>   Source:       (outside source address and port)
>   Destination:  129.168.2.100, port 80
>   Proto:        TCP
> 
> Finally, I tried adding
> 
>   Protocol:     *
>   Source:       *
>   Port:         *
>   Destination:  OPT1 net
>   Port:         *
> 
> to the WAN tab and
> 
>   Protocol:     *
>   Source:       WAN address
>   Port:         *
>   Destination:  *
>   Port:         *
> 
> to the OPT1 tab.  I moved both of those to the top of each list but still
> see the 'deny' entries in the firewall log.
> 
> Any additional suggestions for troubleshooting or reconfiguring would be
> appreciated.
> 
> Thanks!
> 
> Thomas

Robert L. Pumphrey
rlpumphrey at comcast dot net
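
Added example, not part of the original message and not m0n0wall code: a small Python model of per-interface rule matching, showing why the web server needs its pass rule on the WAN tab rather than on OPT1. It assumes rules are checked only on the interface a packet arrives on, first match wins, and anything unmatched is denied; the LAN and OPT1 subnets, the outside client address and all function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing: the thread gives only the web server, 192.168.2.100.
# Both subnets below are assumptions made for this example.
NETS = {
    "OPT1": ipaddress.ip_network("192.168.2.0/24"),
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
}

def addr_match(spec, ip):
    """spec is '*', a host address, a network alias, or '!' + spec (negation)."""
    if spec == "*":
        return True
    if spec.startswith("!"):
        return not addr_match(spec[1:], ip)
    if spec in NETS:
        return ipaddress.ip_address(ip) in NETS[spec]
    return ipaddress.ip_address(ip) == ipaddress.ip_address(spec)

def evaluate(rules, iface, proto, src, dst, dport):
    """Check only the rules of the interface the packet arrives on.
    The first matching pass rule wins; no match means deny."""
    for r in rules.get(iface, []):
        if (r["proto"] in ("*", proto)
                and addr_match(r["src"], src)
                and addr_match(r["dst"], dst)
                and r["dport"] in ("*", dport)):
            return "pass"
    return "deny"

# The two rules suggested in the reply above.
SUGGESTED = {
    "WAN": [{"proto": "TCP", "src": "*", "dst": "192.168.2.100", "dport": 80}],
    "OPT1": [{"proto": "TCP", "src": "OPT1", "dst": "!LAN", "dport": "*"}],
}
# The OPT1 rule from the original post, with no WAN rule at all.
OPT1_ONLY = {
    "OPT1": [{"proto": "TCP", "src": "*", "dst": "192.168.2.100", "dport": "*"}],
}

if __name__ == "__main__":
    client = "203.0.113.7"  # constructed outside address (documentation range)
    print(evaluate(SUGGESTED, "WAN", "TCP", client, "192.168.2.100", 80))
    print(evaluate(SUGGESTED, "WAN", "TCP", client, "192.168.2.100", 22))
    print(evaluate(SUGGESTED, "OPT1", "TCP", "192.168.2.100", "192.168.1.10", 445))
    print(evaluate(OPT1_ONLY, "WAN", "TCP", client, "192.168.2.100", 80))
```

The model covers pass rules only; NAT translation and stateful return traffic are outside it.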