[ previous ] [ next ] [ threads ]
 From:  Trevor Merrill <trevor dot merrill at gmail dot com>
 To:  Bruno Miayamotto <brunomluque at gmail dot com>
 Cc:  sai <sonicsai at gmail dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Help with setup
 Date:  Sun, 25 May 2008 09:24:45 -0700
I'll be honest, I am having a hard time being specific in describing  
my issue. It seems that DNS forwarding, firewall rules and 1:1 NAT  
could all be culprits but I had an impossible time narrowing down the  
problem with only a limited time in which the servers could be  
offline. At this point it I would guess that DNS was improperly  
configured but I can't see how. I duplicated the DNS settings that I  
had set on the router on the servers and still nothing could resolve.  
Additionally, I could not access my servers from the WAN side even  
though port 80 was opened to each host.

I do appreciate the help.

On May 25, 2008, at 8:48 AM, Bruno Miayamotto wrote:

> You have to be very specific in describing youre issue.
> -Net
> Sent from my iPhone
> On May 24, 2008, at 19:08, sai <sonicsai at gmail dot com> wrote:
>> when you say "ping failed going out to www.google.com" , how did it  
>> fail?
>> did the server manage to get googles ip address? what was the output?
>> can the webservers ping each other and the firewall?
>> sai
>> On 5/25/08, Trevor Merrill <trevor dot merrill at gmail dot com> wrote:
>>> I have tried twice unsuccessfully to implement Monowall in a data  
>>> center
>>> and I cannot for the life of me figure out what I am doing wrong.  
>>> I have a
>>> simliar setup running on another location but I am missing  
>>> something. I was
>>> hoping the community could lend a hand so the third time is a  
>>> charm. Let me
>>> describe the setup, i can even post the config if it goes that far.
>>> Here is the setup:
>>> Monowall 1.3B11 installed on a soekris 4501 - I have had success  
>>> with this
>>> at two other sites
>>> Network Range:
>>>                      WAN
>>>                      x.x.x.32 /28
>>>                      x.x.x.32  Network ID
>>>                      x.x.x.33  Data Center Switch
>>>                      x.x.x.34  My Default Gateway
>>>                      x.x.x.35  Data Center Switch
>>>                      x.x.x.36 through .46  My Useable IP addresses
>>>                      x.x.x.36 - Monowall
>>>                      x.x.x.37 - web server 1
>>>                      x.x.x.38 - web server 2
>>>                      x.x.x.39 - web server 3
>>>                      x.x.x.47  Broadcast
>>>              Subnet Mask
>>>                      LAN:
>>>             /24
>>>                      DHCP - ON
>>>                      DHCP Range -
>>>                      DNS - have 3 servers listed in general  
>>> settings, 2
>>> are root DNS servers and 1 is company DNS
>>> All 3 servers Have a one to one NAT, with reverse Proxy ARP setup
>>> firewall rules are basic:
>>> LAN - all ports allowed out
>>> WAN - ports 80, and a few others in
>>> I plugged everything in and from laptop connected via DHCP  
>>> everything was
>>> working great. I could ping out, browse web, etc but the servers  
>>> could not
>>> ping out, and pings to public addresses failed from WAN. The  
>>> websites they
>>> host did not come up, attempted browsing from WAN. All signs point  
>>> to DNS
>>> settings so I manually entered the DNS settings in the server,  
>>> even though
>>> the monowall should forward the DNS querys, and still nothing. The  
>>> weird
>>> thing is when I looked at the firewall logs it was rejecting port  
>>> 80 traffic
>>> from the WAN to the LAN, even though I had a rule setup allowing  
>>> it to pass.
>>> I spent hours trying to figure out what was going on and got more  
>>> confused
>>> as time went on. Here is a summary
>>> 1. Browsing web, pinging www.google.com, checking email worked  
>>> great with
>>> laptop connected to LAN via DHCP
>>> 2 Servers with static LAN IPs, ping failed going out to www.google.com 
>>> ,
>>> with same DNS settings as DHCP client
>>> 3. From WAN, hosted websites would not come up, port 80 allowed  
>>> from WAN to
>>> LAN
>>> 4. From WAN, ping failed to public 1:1 NATted IPs, even though  
>>> ICMP from
>>> WAN to LAN was allowed
>>> Any help would be appreciated, Lik I said I can post the config as  
>>> well.
>>> Trevor
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch