I have tried twice unsuccessfully to implement Monowall in a data center and I cannot for the life of me figure out what I am doing wrong. I have a similar setup running at another location, but I am missing something. I was hoping the community could lend a hand so the third time is a charm. Let me describe the setup; I can even post the config if it goes that far.

Here is the setup:

Monowall 1.3B11 installed on a Soekris 4501 - I have had success with this at two other sites.

Network range:

WAN x.x.x.32 /28
x.x.x.32 - Network ID
x.x.x.33 - Data center switch
x.x.x.34 - My default gateway
x.x.x.35 - Data center switch
x.x.x.36 through .46 - My usable IP addresses
x.x.x.36 - Monowall
x.x.x.37 - web server 1
x.x.x.38 - web server 2
x.x.x.39 - web server 3
x.x.x.47 - Broadcast
255.255.255.240 - Subnet mask

LAN: 192.168.5.1 /24
DHCP - ON
DHCP range 192.168.5.150 - 192.168.5.160
DNS - I have 3 servers listed in general settings; 2 are root DNS servers and 1 is company DNS.

All 3 servers have a one-to-one NAT, with reverse proxy ARP set up.

Firewall rules are basic:
LAN - all ports allowed out
WAN - port 80 and a few others in

I plugged everything in, and from a laptop connected via DHCP everything was working great. I could ping out, browse the web, etc., but the servers could not ping out, and pings to the public addresses failed from the WAN. The websites they host did not come up when I attempted browsing from the WAN. All signs point to DNS settings, so I manually entered the DNS settings on the server, even though the Monowall should forward the DNS queries, and still nothing. The weird thing is that when I looked at the firewall logs it was rejecting port 80 traffic from the WAN to the LAN, even though I had a rule set up allowing it to pass. I spent hours trying to figure out what was going on and got more confused as time went on.

Here is a summary:

1. Browsing the web, pinging www.google.com, and checking email worked great with the laptop connected to the LAN via DHCP.
2. Servers with static LAN IPs: ping failed going out to www.google.com, with the same DNS settings as the DHCP client.
3. From the WAN, hosted websites would not come up; port 80 allowed from WAN to LAN.
4. From the WAN, ping failed to the public 1:1 NATted IPs, even though ICMP from WAN to LAN was allowed.

Any help would be appreciated. Like I said, I can post the config as well.

Trevor
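Added example, not from Trevor's post and not m0n0wall's own code: a small Python model of two things worth checking in a 1:1 NAT plan like the one above. First, that every public address used for 1:1 NAT is a usable host address inside the WAN /28 and does not collide with the gateway, the provider's switches, the network/broadcast address or the firewall's own WAN address. Second, the rule-matching order: in IPFilter-based firewalls such as m0n0wall 1.x, inbound NAT translation runs before the filter rules, so a WAN rule whose destination is the public address never sees a matching packet; the rule has to name the internal LAN address as its destination. The addresses are constructed (RFC 5737 TEST-NET-3 stands in for the x.x.x.32/28 block in the post) and the helper names are this example's own.

```python
"""Model of a 1:1 NAT address plan and of the NAT-then-filter inbound path.

Added example (not from the original post). The IPFilter ordering modelled
here (inbound NAT before filtering) is what m0n0wall 1.x uses; the address
plan and rule tables below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress

WAN_NET = ipaddress.ip_network("203.0.113.32/28")   # stands in for x.x.x.32/28
RESERVED = {                                          # not ours to NAT onto
    "203.0.113.33": "data center switch",
    "203.0.113.34": "default gateway",
    "203.0.113.35": "data center switch",
    "203.0.113.36": "firewall WAN address",
}

# 1:1 NAT table: public address -> LAN address (constructed)
ONE_TO_ONE = {
    "203.0.113.37": "192.168.5.10",
    "203.0.113.38": "192.168.5.11",
    "203.0.113.39": "192.168.5.12",
}


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp", "icmp"
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str       # "pass" or "block"
    proto: str        # "tcp", "icmp" or "any"
    dst: str          # address or "any"
    dport: Optional[int]


def check_plan(wan_net, reserved, one_to_one):
    """Return a list of problems with the 1:1 NAT address plan (empty = OK)."""
    problems = []
    for ext, internal in one_to_one.items():
        ext_ip = ipaddress.ip_address(ext)
        if ext_ip not in wan_net:
            problems.append(f"{ext} is outside {wan_net}")
        elif ext_ip in (wan_net.network_address, wan_net.broadcast_address):
            problems.append(f"{ext} is the network or broadcast address")
        elif ext in reserved:
            problems.append(f"{ext} collides with {reserved[ext]}")
        if not ipaddress.ip_address(internal).is_private:
            problems.append(f"{internal} is not a LAN (private) address")
    return problems


def inbound_nat(pkt, one_to_one):
    """Inbound 1:1 translation: rewrite the public destination to the LAN host."""
    internal = one_to_one.get(pkt.dst)
    return Packet(pkt.proto, internal, pkt.dport) if internal else pkt


def first_match(pkt, rules):
    """First rule whose proto/dst/dport all match, or None."""
    for r in rules:
        if r.proto not in ("any", pkt.proto):
            continue
        if r.dst not in ("any", pkt.dst):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r
    return None


def wan_inbound(pkt, rules, one_to_one=ONE_TO_ONE):
    """NAT first, then filter, default deny. Returns 'pass' or 'block'."""
    translated = inbound_nat(pkt, one_to_one)
    rule = first_match(translated, rules)
    return rule.action if rule else "block"


# A rule written against the public address never matches: by the time the
# filter runs, the destination is already 192.168.5.x.
RULES_PUBLIC = [Rule("pass", "tcp", "203.0.113.37", 80)]
RULES_LAN = [Rule("pass", "tcp", "192.168.5.10", 80),
             Rule("pass", "icmp", "192.168.5.10", None)]

if __name__ == "__main__":
    web = Packet("tcp", "203.0.113.37", 80)
    print("plan problems:", check_plan(WAN_NET, RESERVED, ONE_TO_ONE))
    print("rule on public IP:", wan_inbound(web, RULES_PUBLIC))   # block
    print("rule on LAN IP:   ", wan_inbound(web, RULES_LAN))      # pass
```

Run it as-is to see the clean plan validate and the two rule sets diverge; swap one of the 1:1 NAT external addresses for .34 or .47 to see `check_plan` flag the collision with the gateway or the broadcast address.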