RE: [m0n0wall] Wanting to be able to service m0n0wall from ...

From:	David Cook <david dot cook at jetpress dot com>
To:	'Andrew' <andrew at cryptnix dot com>, m0n0wall at lists dot m0n0 dot ch
Subject:	RE: [m0n0wall] Wanting to be able to service m0n0wall from ...
Date:	Mon, 29 Mar 2004 09:10:22 +0100
Andrew,

Surprised you are still having problems. 

>My current setup ...
>
><Internet> <-> <Smoothwall> <-> (My local area network) <-> 
><m0n0wall> ... WIRELESS!!
>
>I'm just using it as a upgradable access point, but it seems 
>as though there are no options 
>on being able to administrate it from the WAN port which gets 
>an IP from my smoothwall box.
>
>So what I want todo is be able to type the m0n0wall address on 
>my "local area network" subnet
>which is 192.168.0.4 and be able to snmp the local & be able 
>to administrate the system from
>my local area network, and possibly perhaps block access to it 
>on the LAN side...
>

OK just to clarify/consolidate previous posts:

System: General Setup

1. Confirm the port that the webGUI is configured for, default is either 80
(http) or 443 (https) but could be something else if the webGUI custom port
option is used.

Interfaces: WAN

2. Uncheck the 'Block private networks' option (as your WAN IP is a RFC1918
address).

Firewall: Rules

3. Create a rule to 'Pass' TCP connections on the WAN interface to the WAN
IP address/webGUI port

	Action: PASS
	Disabled: NO
	Interface: WAN
	Protocol: TCP
	Source: Any
	Source Port Range: Any/Any
	Destination: Single host or alias/<Your WAN IP>
	Destination Port: <webGUI port>/<webGUI port>
	Fragments: NO
	Log: YES
	Description: 'Allow WAN Admin'

4. Create a rule to 'Pass' TCP/UDP connections on the WAN interface to the
WAN IP address/SNMP port

	Action: PASS
	Disabled: NO
	Interface: WAN
	Protocol: TCP/UDP
	Source: Any
	Source Port Range: Any/Any
	Destination: Single host or alias/<Your WAN IP>
	Destination Port: 161/161
	Fragments: NO
	Log: YES
	Description: 'Allow WAN SNMP'

Once the configuration is in place test everything in turn looking in the
system log for clues to a problem. All connection attempts on the WAN
interface to the webGUI port will be logged (Diagnostics: System Log:
Firewall) whether they fail or succeed. If you still cannot connect, please
post the relevant entries from the log to the list.


>I have my DHCP server enabled but I cannot retrieve any 
>leases.  Whats the deal? :)
>
>Thanks
>

I am assuming that you are using either the CD-rom or generic PC image of
m0n0wall on standard PC hardware. 

Have you checked to ensure all your interfaces are up? 

Can you connect to the interface that doesn't seem to be assigning IP
addresses via DHCP with a statically assigned IP address and subnet mask?

Services: DHCP

1. Ensure that DHCP is enabled on the interfaces that will be handing out IP
addresses to clients. Note that on this page there is a separate tab for
each interface other than the WAN. I missed this when I first started
playing with m0n0wall. 

Also ensure that the IP address range assigned is a unique subnet to that
interface. This will in part rely on each interface IP being on a different
subnet.

e.g. 

WAN IP: 192.168.0.4/24
LAN IP: 192.168.1.1/24, DHCP Range 192.168.1.100 - 149
WIRELESS IP: 192.168.2.1, DHCP Range 192.168.2.100 - 149

Let us know how you get on.




JET PRESS LIMITED
Nunn Close
Huthwaite
Nottinghamshire
NG17 2HW
UK

Web:	www.jetpress.com
Tel:	+44-1623-551 800
Fax: 	+44-1623-551 175


Confidentiality Notice 
This message and its contents are confidential.  The contents are solely for the attention of the
recipient(s) named above and any unauthorised disclosure, copying or distribution is forbidden.  If
you are not the recipient named above, please contact the sender immediately and destroy this
message.  The views expressed in this message are those of the sender and not necessarily those of
JET PRESS LIMITED.