http://doc.m0n0.ch/handbook/faq-transparentproxy.html ?

sai

On 7/21/08, Yannick Bréhon <y dot brehon at qiplay dot com> wrote:
> Actually, behind my WAN interface is 192.168.1.0 / 24 and behind my LAN
> interface is 192.168.128.0 / 17.
> the "real" IP address is behind my ADSL box with 192.168.1.1
>
> So it looks like this:
>
>       Internet
>          |
>     192.168.1.1
>          |
>     ----------
>     |        |
>    BOX    Monowall
>              |_192.168.128.0/17
>
> Problem is that I would like my BOX to SSH into the "monowalled"
> network, without NATting through the Monowall, but using "regular" routing.
> Is that not possible??
>
>
> sai wrote:
>
> > assuming your LAN is private IP addresses and your WAN is real ip addresses
> >
> > <1> you need to add NAT rules.
> > <2> ping is not good at being natted....if you have many pings going
> > at the same time some may not work
> >
> > sai
> >
> >
> > On 7/21/08, Yannick Bréhon <y dot brehon at qiplay dot com> wrote:
> >> Hello!
> >> I have been using m0n0 for quite a while now as my company's router and
> >> firewall, with great results I must say, but I have recently run into
> >> some trouble while changing things in my network.
> >>
> >> I have computers sitting behind the WAN interface, and others behind the
> >> LAN one. Even when I add "pass-all" rules on both those interfaces, (and
> >> reset states), m0n0 doesn't let traffic go from LAN to WAN in some very
> >> specific circumstances. These are resumed here:
> >> LAN will ping WAN without any trouble
> >> WAN will ping LAN, the LAN computers receive the PING request, send a
> >> PING response which is filtered by m0n0.
> >> Same thing with SSH, etc (i.e.: computers sitting on the LAN side can
> >> easily ssh into boxes on the WAN side, but the contrary is not true.
> >> WAN computers receive the TCP open packet, reply, and the m0n0wall filters
> >> this reply)
> >>
> >> I even see the firewall log saying it has actively filtered the TCP
> >> responses from LAN to WAN, though I have no "block" rules set up... In
> >> fact there is even a proper state created in the firewall states in the
> >> WAN->LAN direction, and yet the replies are blocked.
> >>
> >> I am really puzzled by this behavior, and would appreciate any help and
> >> advice you might have!
> >>
> >> Thank you very much,
> >> Yannick
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch