 From:  Trevor Merrill <trevor dot merrill at gmail dot com>
 To:  sai <sonicsai at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Help with setup
 Date:  Sun, 25 May 2008 07:51:44 -0700
It could not resolve the address. The servers could ping each other  
(if I remember correctly) but most likely because they had records of  
each other in /etc/hosts. The servers could also ping the firewall.


On May 24, 2008, at 5:08 PM, sai wrote:

> When you say "ping failed going out to www.google.com", how did it  
> fail? Did the server manage to get Google's IP address? What was the  
> output?
> Can the webservers ping each other and the firewall?
> sai
> On 5/25/08, Trevor Merrill <trevor dot merrill at gmail dot com> wrote:
> I have tried twice unsuccessfully to implement Monowall in a data  
> center and I cannot for the life of me figure out what I am doing  
> wrong. I have a similar setup running on another location but I am  
> missing something. I was hoping the community could lend a hand so  
> the third time is a charm. Let me describe the setup, I can even  
> post the config if it goes that far.
> Here is the setup:
> Monowall 1.3B11 installed on a soekris 4501 - I have had success  
> with this at two other sites
> Network Range:
>                        WAN
>                        x.x.x.32 /28
>                        x.x.x.32  Network ID
>                        x.x.x.33  Data Center Switch
>                        x.x.x.34  My Default Gateway
>                        x.x.x.35  Data Center Switch
>                        x.x.x.36 through .46  My Useable IP addresses
>                        x.x.x.36 - Monowall
>                        x.x.x.37 - web server 1
>                        x.x.x.38 - web server 2
>                        x.x.x.39 - web server 3
>                        x.x.x.47  Broadcast
>                Subnet Mask
>                        LAN:
>               /24
>                        DHCP - ON
>                        DHCP Range -
>                        DNS - have 3 servers listed in general  
> settings, 2 are root DNS servers and 1 is company DNS
> All 3 servers have a one to one NAT, with reverse Proxy ARP setup
> firewall rules are basic:
> LAN - all ports allowed out
> WAN - ports 80, and a few others in
> I plugged everything in and from laptop connected via DHCP  
> everything was working great. I could ping out, browse web, etc but  
> the servers could not ping out, and pings to public addresses failed  
> from WAN. The websites they host did not come up, attempted browsing  
> from WAN. All signs point to DNS settings so I manually entered the  
> DNS settings in the server, even though the monowall should forward  
> the DNS queries, and still nothing. The weird thing is when I looked  
> at the firewall logs it was rejecting port 80 traffic from the WAN  
> to the LAN, even though I had a rule setup allowing it to pass. I  
> spent hours trying to figure out what was going on and got more  
> confused as time went on. Here is a summary
> 1. Browsing web, pinging www.google.com, checking email worked great  
> with laptop connected to LAN via DHCP
> 2. Servers with static LAN IPs, ping failed going out to  
> www.google.com, with same DNS settings as DHCP client
> 3. From WAN, hosted websites would not come up, port 80 allowed from  
> WAN to LAN
> 4. From WAN, ping failed to public 1:1 NATted IPs, even though ICMP  
> from WAN to LAN was allowed
> Any help would be appreciated. Like I said, I can post the config as  
> well.
> Trevor