 From:  "Lloyd Palfrey" <Lloyd at wsufftrust dot org dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Firewall problem
 Date:  Mon, 5 Feb 2007 11:32:20 -0000
I'm running into a problem accessing devices on the LAN interface from
another interface. As you can see, I can access m0n0wall itself but not
anything behind it. Here is my config:

Topology
--------
10.0.0.5 is behind a Cisco PIX, which is connected to the m0n0wall
interface "WSH"
172.16.2.1 is the m0n0wall
172.16.2.4 is a wireless access point coming off the LAN interface on
the m0n0wall


m0n0wall Firewall Config (WSH Interface)
----------------------------------------
Proto    Source    Port  Destination  Port         Description
TCP/UDP  10.0.0.5  *     LAN net      443 (HTTPS)  allow http access in from wsh
TCP/UDP  10.0.0.5  *     LAN net      161 - 162    allow snmp access in from wsh


Log Output
----------
Action    Time             Interface  Source                 Destination             Proto
Accepted  11:20:30.107642  WSH        10.0.0.5, port 54141   172.16.2.13, port 161   UDP
Accepted  11:20:32.083096  WSH        10.0.0.5, port 54145   172.16.2.17, port 161   UDP
Accepted  11:21:13.379785  WSH        10.0.0.15, port 3882   172.16.2.1, port 443    TCP


nmap from 10.0.0.5
------------------
root@rcserv05:~# nmap -p 443 172.16.2.1
PORT    STATE SERVICE
443/tcp open  https

root@rcserv05:~# nmap -p 443 172.16.2.4
PORT    STATE    SERVICE
443/tcp filtered https

root@rcserv05:~# nmap -sU -p 161 172.16.2.1
PORT    STATE         SERVICE
161/udp open|filtered snmp

root@rcserv05:~# nmap -sU -p 161 172.16.2.4
PORT    STATE         SERVICE
161/udp open|filtered snmp


