It could not resolve the address. The servers could ping each other
(if I remember correctly) but most likely because they had records of
each other in /etc/hosts. The servers could also ping the firewall.
Trevor
On May 24, 2008, at 5:08 PM, sai wrote:
> when you say "ping failed going out to www.google.com", how did it
> fail? did the server manage to get Google's ip address? what was the
> output?
>
> can the webservers ping each other and the firewall?
>
> sai
>
>
> On 5/25/08, Trevor Merrill <trevor dot merrill at gmail dot com> wrote:
> I have tried twice unsuccessfully to implement Monowall in a data
> center and I cannot for the life of me figure out what I am doing
> wrong. I have a similar setup running on another location but I am
> missing something. I was hoping the community could lend a hand so
> the third time is a charm. Let me describe the setup, I can even
> post the config if it goes that far.
>
> Here is the setup:
> Monowall 1.3B11 installed on a soekris 4501 - I have had success
> with this at two other sites
>
> Network Range:
> WAN
> x.x.x.32 /28
> x.x.x.32 – Network ID
> x.x.x.33 – Data Center Switch
> x.x.x.34 – My Default Gateway
> x.x.x.35 – Data Center Switch
> x.x.x.36 through .46 – My Useable IP addresses
> x.x.x.36 - Monowall
> x.x.x.37 - web server 1
> x.x.x.38 - web server 2
> x.x.x.39 - web server 3
> x.x.x.47 – Broadcast
> 255.255.255.240 – Subnet Mask
>
> LAN:
> 192.168.5.1 /24
> DHCP - ON
> DHCP Range 192.168.5.150 - 192.168.5.160
> DNS - have 3 servers listed in general
> settings, 2 are root DNS servers and 1 is company DNS
>
> All 3 servers have a one to one NAT, with reverse Proxy ARP setup
> firewall rules are basic:
> LAN - all ports allowed out
> WAN - ports 80, and a few others in
>
> I plugged everything in and from laptop connected via DHCP
> everything was working great. I could ping out, browse web, etc but
> the servers could not ping out, and pings to public addresses failed
> from WAN. The websites they host did not come up, attempted browsing
> from WAN. All signs point to DNS settings so I manually entered the
> DNS settings in the server, even though the monowall should forward
> the DNS queries, and still nothing. The weird thing is when I looked
> at the firewall logs it was rejecting port 80 traffic from the WAN
> to the LAN, even though I had a rule setup allowing it to pass. I
> spent hours trying to figure out what was going on and got more
> confused as time went on. Here is a summary
>
> 1. Browsing web, pinging www.google.com, checking email worked great
> with laptop connected to LAN via DHCP
> 2. Servers with static LAN IPs, ping failed going out to
> www.google.com, with same DNS settings as DHCP client
> 3. From WAN, hosted websites would not come up, port 80 allowed from
> WAN to LAN
> 4. From WAN, ping failed to public 1:1 NATted IPs, even though ICMP
> from WAN to LAN was allowed
>
> Any help would be appreciated, Like I said I can post the config as
> well.
>
> Trevor