 From:  Bruno Miayamotto <brunomluque at gmail dot com>
 To:  sai <sonicsai at gmail dot com>
 Cc:  Trevor Merrill <trevor dot merrill at gmail dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Help with setup
 Date:  Sun, 25 May 2008 10:48:36 -0500
You have to be very specific in describing your issue.
-Net

Sent from my iPhone

On May 24, 2008, at 19:08, sai <sonicsai at gmail dot com> wrote:

> when you say "ping failed going out to www.google.com", how did it fail?
> did the server manage to get Google's IP address? what was the output?
>
> can the webservers ping each other and the firewall?
>
> sai
>
>
> On 5/25/08, Trevor Merrill <trevor dot merrill at gmail dot com> wrote:
>>
>> I have tried twice unsuccessfully to implement Monowall in a data center
>> and I cannot for the life of me figure out what I am doing wrong. I have a
>> similar setup running on another location but I am missing something. I was
>> hoping the community could lend a hand so the third time is a charm. Let me
>> describe the setup, I can even post the config if it goes that far.
>>
>> Here is the setup:
>> Monowall 1.3B11 installed on a soekris 4501 - I have had success with this
>> at two other sites
>>
>> Network Range:
>>                       WAN
>>                       x.x.x.32 /28
>>                       x.x.x.32 – Network ID
>>                       x.x.x.33 – Data Center Switch
>>                       x.x.x.34 – My Default Gateway
>>                       x.x.x.35 – Data Center Switch
>>                       x.x.x.36 through .46 – My Useable IP addresses
>>                       x.x.x.36 - Monowall
>>                       x.x.x.37 - web server 1
>>                       x.x.x.38 - web server 2
>>                       x.x.x.39 - web server 3
>>                       x.x.x.47 – Broadcast
>>                       255.255.255.240 – Subnet Mask
>>
>>                       LAN:
>>                       192.168.5.1 /24
>>                       DHCP - ON
>>                       DHCP Range 192.168.5.150 - 192.168.5.160
>>                       DNS - have 3 servers listed in general settings, 2
>>                       are root DNS servers and 1 is company DNS
>>
>> All 3 servers Have a one to one NAT, with reverse Proxy ARP setup
>> firewall rules are basic:
>> LAN - all ports allowed out
>> WAN - ports 80, and a few others in
>>
>> I plugged everything in and from laptop connected via DHCP everything was
>> working great. I could ping out, browse web, etc but the servers could not
>> ping out, and pings to public addresses failed from WAN. The websites they
>> host did not come up, attempted browsing from WAN. All signs point to DNS
>> settings so I manually entered the DNS settings in the server, even though
>> the monowall should forward the DNS queries, and still nothing. The weird
>> thing is when I looked at the firewall logs it was rejecting port 80 traffic
>> from the WAN to the LAN, even though I had a rule setup allowing it to pass.
>> I spent hours trying to figure out what was going on and got more confused
>> as time went on. Here is a summary
>>
>> 1. Browsing web, pinging www.google.com, checking email worked great with
>> laptop connected to LAN via DHCP
>> 2. Servers with static LAN IPs, ping failed going out to www.google.com,
>> with same DNS settings as DHCP client
>> 3. From WAN, hosted websites would not come up, port 80 allowed from WAN to
>> LAN
>> 4. From WAN, ping failed to public 1:1 NATted IPs, even though ICMP from
>> WAN to LAN was allowed
>>
>> Any help would be appreciated, Like I said I can post the config as well.
>>
>> Trevor
>>
>>