RE: [m0n0wall] Cannot get SSH (or any service published) behind m0n0wall

From:	Hilton Travis <Hilton at QuarkAV dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	RE: [m0n0wall] Cannot get SSH (or any service published) behind m0n0wall
Date:	Fri, 05 Mar 2004 08:00:32 +1000
Hi Joe,

The reason you are not getting more help on here is because of the
desperate lack of information in your original and followup posts.  You
were even asked for more information, yet you didn't post any to the
list.

Unless you describe your configuration in enough detail for someone else
to know what you have done, then it is next to impossible for people to
help.

As for the gateway, this will kill any service if its pointing to
anywhere other than where it shuld - your m0n0wall config was fine, it
seemed, but you had configured your server incorrectly.  If you had
given enough information about your m0n0wall configuration, then maybe
we could have helped you solve this earlier.

Again, the main reason questions don't get answered is because of a
dearth of information about the actual in-place configuration of a
m0n0wall, NOT because we don't care.  We all have other things to do -
and do not get paid for supporting m0n0wall - but are willing to help
where the poster offers sufficient information to let us help.

Regards,
HiltonT

On Mon, 2004-03-01 at 07:04, Joe Smith wrote:
> Bart,
> 
> Thanks for your clean lab.  You helped me solve the
> problem on one of my test environments with the WAN
> setting of disabling private networks.  I also
> realized that my default gateway was not set on the
> server to use m0n0wall because I am bringing it on in
> stages.  I changed the gateway and now the SSH NAT
> works.
> 
> Fraser - I hope this helps you as well.
> 
> Joe
> 
> 
> --- Fraser Dowall <fraser at dowall dot com> wrote:
> > I cant get this to work with the latest version
> > either..
> >  
> > I posted to the forums twice but it never seems to
> > work! :(
> >  
> > I was trying to expose an internal web server.. also
> > no LUCK! :(
> >  
> > I sent the below twice .. if it doesn't go to the
> > list.. could someone
> > please forward it on my behalf... Port forwarding
> > does NOT seem to work!
> >  
> >  
> >  
> > Resent : Did not show up in list .
> >  
> > If someone could help me Im probably doing it
> > totally wrong. Ive read
> > as much as I can from the archives and still cannot
> > figure it out.
> >  
> > I have a web server in my internal network that I
> > would like to be
> > available to the outside. With my linksys I just
> > forwarded port 80 to
> > the ip and it was done.
> >  
> > In M0n0wall I realized that this would be a LITTLE
> > more tricky but here
> > is what I did..
> >  
> >  
> > I went to Inbound NAT
> >  
> > 
> > Proto
> > Ext. port range
> > NAT IP
> > (ext. IP)
> > Int. port range
> > Description
> >  
> > 
> > TCP/UDP 
> > 88 
> > 192.168.1.101 
> > 80 (HTTP) 
> > My Web Server 
> >  
> >  
> > I hope that showed up if not :
> > Proto    Ext. port range  NAT IP
> > (ext. IP)            Int. port range   Description  
> >     
> > TCP/UDP        88        192.168.1.101            
> > 80 (HTTP)       My
> > Web Server           
> >  
> >  
> >  
> >  
> > WAN interface  
> >   Proto Source Port Destination Port Description  
> >   TCP  *  *  192.168.1.101  80  NAT Tivo   Proto    
> >   Ext. port range
> > NAT IP
> > (ext. IP)            Int. port range   Description  
> >     
> > TCP/UDP        88        192.168.1.101            
> > 80 (HTTP)       My
> > Web Server           
> >  
> >  
> > Note I changed it to TCP/UDP after it was not
> > working and I put the port
> > to 88 as 80 is being used for the gui ;)
> >  
> > I let this make the rule for the fire wall :
> >  
> > 
> > WAN interface
> >  
> > 
> >  
> > Proto
> > Source
> > Port
> > Destination
> > Port
> > Description
> >  
> > 
> > 
> > TCP 
> > * 
> > * 
> > 192.168.1.101 
> > 80 
> > NAT My Web Server  
> >  
> >  
> >  
> >  
> > WAN interface  
> >   Proto Source Port Destination Port Description  
> >   TCP  *  *  192.168.1.101  80  NAT Tivo   
> > I think that this should forward port 88 from the
> > wan to 192.168.1.101
> > port 80 on my lan and allow me to view the
> > webserver.
> >  
> > If not.. Im totally lost.. either way .. it does
> > not work for me under
> > this configuration.
> >  
> > <PLEASE HAAAAALP!>
> >  
> > Yours,
> >      Fraser
> >  
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.587 / Virus Database: 371 - Release
> > Date: 2/12/04
> >  
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.587 / Virus Database: 371 - Release
> > Date: 2/12/04
> >  
> >  
> > -----Original Message-----
> > From: Joe Smith [mailto:clearview9999 at yahoo dot com] 
> > Sent: February 29, 2004 9:24 AM
> > To: Bart Smit
> > Cc: Michael Iedema; m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] Cannot get SSH (or any
> > service published) behind
> > m0n0wall
> >  
> > Bart,
> >  
> > Version is 1.0 and the pb just before it.
> >  
> >  
> > --- Bart Smit <bit at pipe dot nl> wrote:
> > > Joe Smith wrote:
> > > 
> > > > I am getting emails sent to me without going to
> > > the
> > > > list agreeing with me that there is a problem
> > here
> > > > that is not being resolved.
> > > 
> > > Can you come up with a minimal configuration that
> > > exhibits
> > > the problem, and can you tell us what version of
> > > m0n0wall
> > > you are using? I'd like to help.
> > > 
> > > --Bart
> > > 
> > > 
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > > m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > For additional commands, e-mail:
> > > m0n0wall dash help at lists dot m0n0 dot ch
> > > 
> >  
> > __________________________________
> > Do you Yahoo!?
> > Get better spam protection with Yahoo! Mail.
> > http://antispam.yahoo.com/tools
> >  
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail:
> > m0n0wall dash help at lists dot m0n0 dot ch
> >  
> >  
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.587 / Virus Database: 371 - Release
> > Date: 2/12/04
> >  
> > 
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > 
> === message truncated ===
> 
> 
> __________________________________
> Do you Yahoo!?
> Get better spam protection with Yahoo! Mail.
> http://antispam.yahoo.com/tools
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
-- 

Regards,

Hilton Travis                   Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
         Quark Computers         http://www.QuarkAV.com/
(Brisbane, Australia)            http://www.QuarkAV.net/

Open Source Projects:		http://www.ares-desktop.org/
				http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.