 From:  Eternal Security <veptune at wanadoo dot fr>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Problem of ping on wan interface although firewall rules allow all traffic from any interface
 Date:  Thu, 18 Mar 2004 21:34:27 +0100 (CET)
Hello

I have a very strange problem with monowall.

Here is the schema of my network:

              192.168.0.2
                   |
                   |   <-- LAN created to test monowall
                   |
                   |
         192.168.0.1 LAN Interface of Monowall
         10.10.5.76  WAN Interface of Monowall
                   |
                   |   <--- LAN of my company
                   |
               10.10.5.8



Monowall gets the IP address of its WAN interface as a DHCP client. (The LAN of the company has a DHCP
server.)
Monowall is inside the LAN of my company (the boss wants to test it).

For this test, I have set firewall rules to allow all packets from any interface for any protocol.

192.168.0.2 can ping any machine, can surf the web, etc.
From 192.168.0.2, I can ping 10.10.5.8 and both interfaces of monowall.
From monowall I can ping 192.168.0.2 and 10.10.5.8, and I can ping machines on the Internet.
But from 10.10.5.8 I can't ping the WAN interface of monowall (and I can't ping the LAN interface and
192.168.0.2)!
Note that 10.10.5.8 can ping any machine on the Internet and any machine that is a member of the LAN of the
company.
10.10.5.8 is an example, but no machine on the LAN of my company can ping the WAN interface of
monowall.

In the logs of Monowall I can see that the packets sent during the ping are refused! But the firewall rules
allow all packets on the LAN/WAN interface!

I have already set up firewall rules for WAN and LAN interfaces in other places and I had no
problems.

If 10.10.5.8 couldn't ping the LAN interface 192.168.0.1 and 192.168.0.2, I could suppose that it
was a problem of NAT/route or any other thing, but in this case it can't ping the WAN interface!

I don't understand!

Sorry for my English, it is not my primary language.


Thanks for any help.

Cya