I'll be honest, I am having a hard time being specific in describing my issue. It seems that DNS forwarding, firewall rules and 1:1 NAT could all be culprits, but I had an impossible time narrowing down the problem with only a limited time in which the servers could be offline. At this point I would guess that DNS was improperly configured, but I can't see how. I duplicated the DNS settings that I had set on the router on the servers and still nothing could resolve. Additionally, I could not access my servers from the WAN side even though port 80 was opened to each host.

I do appreciate the help.

Trevor

On May 25, 2008, at 8:48 AM, Bruno Miayamotto wrote:

> You have to be very specific in describing your issue.
> -Net
>
> Sent from my iPhone
>
> On May 24, 2008, at 19:08, sai <sonicsai at gmail dot com> wrote:
>
>> when you say "ping failed going out to www.google.com", how did it fail?
>> did the server manage to get Google's IP address? what was the output?
>>
>> can the webservers ping each other and the firewall?
>>
>> sai
>>
>>
>> On 5/25/08, Trevor Merrill <trevor dot merrill at gmail dot com> wrote:
>>>
>>> I have tried twice unsuccessfully to implement Monowall in a data center
>>> and I cannot for the life of me figure out what I am doing wrong. I have a
>>> similar setup running at another location but I am missing something. I was
>>> hoping the community could lend a hand so the third time is a charm. Let me
>>> describe the setup, I can even post the config if it goes that far.
>>>
>>> Here is the setup:
>>> Monowall 1.3B11 installed on a Soekris 4501 - I have had success with this
>>> at two other sites
>>>
>>> Network Range:
>>> WAN
>>>     x.x.x.32 /28
>>>     x.x.x.32 – Network ID
>>>     x.x.x.33 – Data Center Switch
>>>     x.x.x.34 – My Default Gateway
>>>     x.x.x.35 – Data Center Switch
>>>     x.x.x.36 through .46 – My Useable IP addresses
>>>         x.x.x.36 - Monowall
>>>         x.x.x.37 - web server 1
>>>         x.x.x.38 - web server 2
>>>         x.x.x.39 - web server 3
>>>     x.x.x.47 – Broadcast
>>>     255.255.255.240 – Subnet Mask
>>>
>>> LAN:
>>>     192.168.5.1 /24
>>>     DHCP - ON
>>>     DHCP Range 192.168.5.150 - 192.168.5.160
>>>     DNS - have 3 servers listed in general settings, 2 are root DNS
>>>     servers and 1 is company DNS
>>>
>>> All 3 servers have a one to one NAT, with reverse Proxy ARP setup
>>> firewall rules are basic:
>>>     LAN - all ports allowed out
>>>     WAN - ports 80, and a few others in
>>>
>>> I plugged everything in and from laptop connected via DHCP everything was
>>> working great. I could ping out, browse web, etc. but the servers could not
>>> ping out, and pings to public addresses failed from WAN. The websites they
>>> host did not come up, attempted browsing from WAN. All signs point to DNS
>>> settings so I manually entered the DNS settings in the server, even though
>>> the monowall should forward the DNS queries, and still nothing. The weird
>>> thing is when I looked at the firewall logs it was rejecting port 80 traffic
>>> from the WAN to the LAN, even though I had a rule setup allowing it to pass.
>>> I spent hours trying to figure out what was going on and got more confused
>>> as time went on. Here is a summary
>>>
>>> 1. Browsing web, pinging www.google.com, checking email worked great with
>>>    laptop connected to LAN via DHCP
>>> 2. Servers with static LAN IPs, ping failed going out to www.google.com,
>>>    with same DNS settings as DHCP client
>>> 3. From WAN, hosted websites would not come up, port 80 allowed from WAN to
>>>    LAN
>>> 4. From WAN, ping failed to public 1:1 NATted IPs, even though ICMP from
>>>    WAN to LAN was allowed
>>>
>>> Any help would be appreciated. Like I said, I can post the config as well.
>>>
>>> Trevor
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch