[ previous ] [ next ] [ threads ]
 
 From:  "Lloyd Palfrey" <Lloyd at wsufftrust dot org dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Firewall problem
 Date:  Mon, 5 Feb 2007 13:48:11 -0000 
What sort of NAT is needed? Also cant find that section of the manual
you are referring to. 

Many Thanks

-----Original Message-----
From: sai [mailto:sonicsai at gmail dot com] 
Sent: 05 February 2007 12:49
To: Lloyd Palfrey
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Firewall problem

You need to add NAT rules. See the sample configs in the manual for how
to do this

sai

On 2/5/07, Lloyd Palfrey <Lloyd at wsufftrust dot org dot uk> wrote:
> I'm running into a problem accessing devices on the LAN interface from

> another interface. As you can see, I can access m0n0wall itself but 
> not anything behind it. Here is my config :
>
> Topology
> --------
> 10.0.0.5 is behind a cisco pix.. which is connected to the m0n0wall 
> interface "WSH"
> 172.16.2.1 is the m0n0wall
> 172.16.2.4 is a wireless access point coming off the LAN interface on 
> the m0n0wall
>
>
> m0n0wall Firewall Config (WSH Interface)
> ----------------------------------------
> TCP/UDP         10.0.0.5         *       LAN net         443 (HTTPS)
> allow http access in from wsh
> TCP/UDP         10.0.0.5         *       LAN net         161 - 162
> allow snmp access in from wsh
>
>
> Log Output
> ----------
> Accepted        11:20:30.107642         WSH      10.0.0.5, port 54141
> 172.16.2.13, port 161  UDP
> Accepted        11:20:32.083096         WSH      10.0.0.5, port 54145
> 172.16.2.17, port 161   UDP
> Accepted        11:21:13.379785         WSH      10.0.0.15, port 3882
> 172.16.2.1, port 443    TCP
>
>
> nmap from 10.0.0.5
> ------------------
> root@rcserv05:~# nmap -p 443 172.16.2.1
> PORT    STATE SERVICE
> 443/tcp open  https
>
> root@rcserv05:~# nmap -p 443 172.16.2.4
> PORT    STATE    SERVICE
> 443/tcp filtered https
>
> root@rcserv05:~# nmap -sU -p 161 172.16.2.1
> PORT    STATE         SERVICE
> 161/udp open|filtered snmp
>
> root@rcserv05:~# nmap -sU -p 161 172.16.2.4
> PORT    STATE         SERVICE
> 161/udp open|filtered snmp
>
>
>
> Disclaimer - February 5, 2007
> This email and any files transmitted with it are confidential and
intended solely for m0n0wall at lists dot m0n0 dot ch. If you are not the named
addressee you should not disseminate, distribute, copy or alter this
email. Any views or opinions presented in this email are solely those of
the author and might not represent those of West Suffolk Hospital.
Warning: Although we've has taken reasonable precautions to ensure no
viruses are present in this email, we cannot accept responsibility for
any loss or damage arising from the use of this email or attachments.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>


Disclaimer - February 5, 2007 
This email and any files transmitted with it are confidential and intended solely for
m0n0wall at lists dot m0n0 dot ch. If you are not the named addressee you should not disseminate, distribute,
copy or alter this email. Any views or opinions presented in this email are solely those of the
author and might not represent those of West Suffolk Hospital. Warning: Although we've has taken
reasonable precautions to ensure no viruses are present in this email, we cannot accept
responsibility for any loss or damage arising from the use of this email or attachments.