[ previous ] [ next ] [ threads ]
 From:  "Jeremy Flaugh" <Jeremy at flaughs2000 dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: can't get m0n0wall to open port 80 other than to webGUI
 Date:  Sun, 18 Feb 2007 08:24:30 -0500
The picture says it all.

(((((((Well the picture will not fit through your mail server it was a
screen shot of the DNS forwarder page.)))))) 

Your web site should have been available from the outside during that port
forward you do not need to change the port of the web GUI for this to work.

I use grc.com to double check my firewall from the outside after I make any
changes just incase I turn it into Swiss cheese.

And ask a friend to check on your web site the next time you port forward
and test. 


Manuel thanks for putting together a great product don't let anyone cut it


Chris you can add Microsoft ISA server to the list of firewalls that do not
let out/in traffic I spoke to a Microsoft ISA engineer about this type of
behavior of a firewall and I was told it is not secure for a firewall to let
connections from an internal interface to access services published on a
external interface. So m0n0 behaving this way makes me feel good about this
product that it is secure and industry standard. 


Thanks and welcome.

Jeremy Flaugh

-----Original Message-----
From: Dave Penn [mailto:djpenn3 at gmail dot com] 
Sent: Saturday, February 17, 2007 3:33 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: can't get m0n0wall to open port 80 other than to webGUI

Hi and thanks in advance for any help you can give me.

I have Comcast and have been running HTTP and FTP servers through a 
Netgear router with no problem.

I heard great things about m0n0wall and decided to give it a go.  I've 
installed m0n0wall 1.23b3 on a generic pc's hard drive using a 
two-interface system to keep things simple for initial configuration 
purposes.  I'm using Intel Pro/100 nics for both interfaces.  The 
LAN-to-WAN connection works great.  Had to power-cycle the cable modem 
to get a connection without spoofing one of my PC's MAC addresses, but 
that fixed it.  I have the webGUI set to work via https on port 443.

I have DHCP running on the LAN.  Three machines, two of which are 
servers I need to give access to from the WAN, are on static IP 
assignments, outside of the DHCP address range.

I set up a NAT (inbound) HTTP assignment to my web server's LAN IP 
address and let the webGUI create a corresponding firewall rule.  
Everything else is configured as installed.

The problem is that monowall won't direct HTTP traffic to the NAT-ed LAN 
host I've specified.  If I enter either my WAN IP or domain name into a 
browser, I get nothing.  I can reset the webGUI to work on http (port 
80), but then if I try to access my WAN IP or domain name, all I get is 
the webGUI login prompt - not a connection to my web server, as I've 
configured in the NAT and firewall rules.  I've tried deleting all the 
NAT and firewall entries and starting over, but to no avail.  Also tried 
blocking WAN access to m0n0wall's LAN IP address - that didn't work either.

Reading the logs shows no traffic either passed or blocked on port 80.

On the other hand, putting my cheapo Netgear router back in line 
restores everything just as if I hadn't just wasted several hours on 
another piece of underdeveloped open-source geekware.  Maybe you get 
what you pay for in this case as in most others.

I'd like to use m0n0wall and  have time to work, drink, get laid, go 
shopping, etc.

Can anyone help?