When you say "ping failed going out to www.google.com", how did it fail?
Did the server manage to get Google's IP address? What was the output?
Can the webservers ping each other and the firewall?
sai
On 5/25/08, Trevor Merrill <trevor dot merrill at gmail dot com> wrote:
>
> I have tried twice unsuccessfully to implement Monowall in a data center
> and I cannot for the life of me figure out what I am doing wrong. I have a
> similar setup running on another location but I am missing something. I was
> hoping the community could lend a hand so the third time is a charm. Let me
> describe the setup, I can even post the config if it goes that far.
>
> Here is the setup:
> Monowall 1.3B11 installed on a Soekris 4501 - I have had success with this
> at two other sites
>
> Network Range:
> WAN
> x.x.x.32 /28
> x.x.x.32 – Network ID
> x.x.x.33 – Data Center Switch
> x.x.x.34 – My Default Gateway
> x.x.x.35 – Data Center Switch
> x.x.x.36 through .46 – My Useable IP addresses
> x.x.x.36 - Monowall
> x.x.x.37 - web server 1
> x.x.x.38 - web server 2
> x.x.x.39 - web server 3
> x.x.x.47 – Broadcast
> 255.255.255.240 – Subnet Mask
>
> LAN:
> 192.168.5.1 /24
> DHCP - ON
> DHCP Range 192.168.5.150 - 192.168.5.160
> DNS - have 3 servers listed in general settings, 2
> are root DNS servers and 1 is company DNS
>
> All 3 servers have a one to one NAT, with reverse Proxy ARP setup
> firewall rules are basic:
> LAN - all ports allowed out
> WAN - ports 80, and a few others in
>
> I plugged everything in and from laptop connected via DHCP everything was
> working great. I could ping out, browse web, etc but the servers could not
> ping out, and pings to public addresses failed from WAN. The websites they
> host did not come up, attempted browsing from WAN. All signs point to DNS
> settings so I manually entered the DNS settings in the server, even though
> the monowall should forward the DNS queries, and still nothing. The weird
> thing is when I looked at the firewall logs it was rejecting port 80 traffic
> from the WAN to the LAN, even though I had a rule setup allowing it to pass.
> I spent hours trying to figure out what was going on and got more confused
> as time went on. Here is a summary
>
> 1. Browsing web, pinging www.google.com, checking email worked great with
> laptop connected to LAN via DHCP
> 2. Servers with static LAN IPs, ping failed going out to www.google.com,
> with same DNS settings as DHCP client
> 3. From WAN, hosted websites would not come up, port 80 allowed from WAN to
> LAN
> 4. From WAN, ping failed to public 1:1 NATted IPs, even though ICMP from
> WAN to LAN was allowed
>
> Any help would be appreciated. Like I said, I can post the config as well.
>
> Trevor