 From:  sai <sonicsai at gmail dot com>
 To:  "Lloyd Palfrey" <Lloyd at wsufftrust dot org dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall problem
 Date:  Mon, 5 Feb 2007 21:19:45 +0500
NAT doc: http://doc.m0n0.ch/handbook/nat.html

Example setup of NAT:
http://doc.m0n0.ch/handbook/examples.html#id2603650

Note the example is for NATting to DMZ. It is not good practice to
allow ingress to your LAN; if you have another port, allow only into
the DMZ.

If you still have problems, post the NAT rules and also the IP addresses
of the mono interfaces and the IP addresses of the machines you want to
access.

sai

On 2/5/07, Lloyd Palfrey <Lloyd at wsufftrust dot org dot uk> wrote:
> What sort of NAT is needed? Also can't find that section of the manual
> you are referring to.
>
> Many Thanks
>
> -----Original Message-----
> From: sai [mailto:sonicsai at gmail dot com]
> Sent: 05 February 2007 12:49
> To: Lloyd Palfrey
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Firewall problem
>
> You need to add NAT rules. See the sample configs in the manual for how
> to do this.
>
> sai
>
> On 2/5/07, Lloyd Palfrey <Lloyd at wsufftrust dot org dot uk> wrote:
> > I'm running into a problem accessing devices on the LAN interface from
> > another interface. As you can see, I can access m0n0wall itself but
> > not anything behind it. Here is my config:
> >
> > Topology
> > --------
> > 10.0.0.5 is behind a Cisco PIX, which is connected to the m0n0wall
> > interface "WSH"
> > 172.16.2.1 is the m0n0wall
> > 172.16.2.4 is a wireless access point coming off the LAN interface on
> > the m0n0wall
> >
> >
> > m0n0wall Firewall Config (WSH Interface)
> > ----------------------------------------
> > TCP/UDP         10.0.0.5         *       LAN net         443 (HTTPS)     allow http access in from wsh
> > TCP/UDP         10.0.0.5         *       LAN net         161 - 162       allow snmp access in from wsh
> >
> >
> > Log Output
> > ----------
> > Accepted        11:20:30.107642         WSH      10.0.0.5, port 54141    172.16.2.13, port 161   UDP
> > Accepted        11:20:32.083096         WSH      10.0.0.5, port 54145    172.16.2.17, port 161   UDP
> > Accepted        11:21:13.379785         WSH      10.0.0.15, port 3882    172.16.2.1, port 443    TCP
> >
> >
> > nmap from 10.0.0.5
> > ------------------
> > root@rcserv05:~# nmap -p 443 172.16.2.1
> > PORT    STATE SERVICE
> > 443/tcp open  https
> >
> > root@rcserv05:~# nmap -p 443 172.16.2.4
> > PORT    STATE    SERVICE
> > 443/tcp filtered https
> >
> > root@rcserv05:~# nmap -sU -p 161 172.16.2.1
> > PORT    STATE         SERVICE
> > 161/udp open|filtered snmp
> >
> > root@rcserv05:~# nmap -sU -p 161 172.16.2.4
> > PORT    STATE         SERVICE
> > 161/udp open|filtered snmp
> >
> >
> >
> > Disclaimer - February 5, 2007
> > This email and any files transmitted with it are confidential and
> > intended solely for m0n0wall at lists dot m0n0 dot ch. If you are not the named
> > addressee you should not disseminate, distribute, copy or alter this
> > email. Any views or opinions presented in this email are solely those of
> > the author and might not represent those of West Suffolk Hospital.
> > Warning: Although we have taken reasonable precautions to ensure no
> > viruses are present in this email, we cannot accept responsibility for
> > any loss or damage arising from the use of this email or attachments.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch