I am at wit's end. I've got a Soekris 4801 that I am replacing a Smoothwall Corp server with. I've set up many DMZs in the past, and I've got this m0n0 box set up identically to the existing SW machine. All 4801 interfaces are set correctly in the Soekris BIOS, and IPs are assigned in the GUI: WAN is a static IP from the block provided by the ISP, LAN is 192.168.200.10, DMZ is 192.168.100.10. There is a W2K mail server, not Exchange, at 192.168.100.20, and it is connected through a switch using regular cables to the m0n0 DMZ. When I replace the SW with my m0n0, the LAN side functions perfectly: all machines can get to the web, and as a test, opening port 3389 and auto-creating the rule lets me terminal-server into the domain controller on 192.168.200.3. Now the problem: the mail server in the DMZ cannot be pinged from the LAN, and it will not ping anything in the LAN or on the web. It cannot get out and nothing can get in to it. I tried hanging my laptop on a DMZ IP and it has the same problem. I tried replacing the cables, tried a crossover cable, and have rechecked everything I can think of. All needed ports and rules have been created, the DMZ has been enabled, I've tried bridged and non-bridged to the LAN, and nothing will work. If anyone can see anything preventing DMZ access in this config.xml file, PLEASE tell me!
<?xml version="1.0"?>
<m0n0wall>
  <version>1.4</version>
  <system>
    <hostname>fw1</hostname>
    <domain>xyz.com</domain>
    <dnsallowoverride/>
    <username>admin</username>
    <password>not a chance, lol</password>
    <timezone>America/Detroit</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>pool.ntp.org</timeservers>
    <webgui>
      <protocol>https</protocol>
      <port/>
      <certificate/>
      <private-key/>
    </webgui>
    <dnsserver>X.X.7.196</dnsserver>
    <dnsserver>X.X.122.3</dnsserver>
  </system>
  <interfaces>
    <lan>
      <if>sis1</if>
      <ipaddr>192.168.200.10</ipaddr>
      <subnet>24</subnet>
    </lan>
    <wan>
      <if>sis0</if>
      <blockpriv/>
      <ipaddr>X.X.50.107</ipaddr>
      <subnet>29</subnet>
      <gateway>X.X.50.105</gateway>
      <spoofmac/>
      <mtu/>
    </wan>
    <opt1>
      <if>sis2</if>
      <descr>OPT1</descr>
      <ipaddr>192.168.100.10</ipaddr>
      <subnet>24</subnet>
      <bridge/>
      <enable/>
    </opt1>
  </interfaces>
  <staticroutes>
    <route>
      <interface>opt1</interface>
      <network>192.168.100.0/24</network>
      <gateway>192.168.200.1</gateway>
      <descr/>
    </route>
  </staticroutes>
  <pppoe/>
  <pptp/>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
    <host/>
    <mx/>
  </dyndns>
  <dhcpd>
    <lan>
      <range>
        <from>192.168.200.11</from>
        <to>192.168.200.15</to>
      </range>
      <defaultleasetime/>
      <maxleasetime/>
    </lan>
  </dhcpd>
  <pptpd>
    <mode/>
    <redir/>
    <localip/>
    <remoteip/>
  </pptpd>
  <dnsmasq>
    <enable/>
  </dnsmasq>
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag>
    <ipv6nat>
      <ipaddr/>
    </ipv6nat>
  </diag>
  <bridge/>
  <syslog/>
  <nat>
    <servernat>
      <ipaddr>X.X.50.106</ipaddr>
      <descr>Mail Server</descr>
    </servernat>
    <servernat>
      <ipaddr>X.X.50.108</ipaddr>
      <descr>abc.xyz.com</descr>
    </servernat>
    <rule>
      <external-address>X.X.50.106</external-address>
      <protocol>tcp</protocol>
      <external-port>25</external-port>
      <target>192.168.100.20</target>
      <local-port>25</local-port>
      <descr>SMTP</descr>
    </rule>
    <rule>
      <external-address>X.X.50.106</external-address>
      <protocol>tcp</protocol>
      <external-port>110</external-port>
      <target>192.168.100.20</target>
      <local-port>110</local-port>
      <descr>POP3</descr>
    </rule>
    <rule>
      <external-address>X.X.50.106</external-address>
      <protocol>tcp/udp</protocol>
      <external-port>510</external-port>
      <target>192.168.100.20</target>
      <local-port>510</local-port>
      <descr/>
    </rule>
    <rule>
      <external-address>X.X.50.106</external-address>
      <protocol>tcp/udp</protocol>
      <external-port>5631</external-port>
      <target>192.168.100.20</target>
      <local-port>5631</local-port>
      <descr>pca mail server</descr>
    </rule>
    <rule>
      <external-address>X.X.50.106</external-address>
      <protocol>tcp/udp</protocol>
      <external-port>5632</external-port>
      <target>192.168.100.20</target>
      <local-port>5632</local-port>
      <descr>pca mail server</descr>
    </rule>
    <rule>
      <external-address>X.X.50.108</external-address>
      <protocol>tcp</protocol>
      <external-port>81</external-port>
      <target>192.168.200.3</target>
      <local-port>81</local-port>
      <descr>ppm web</descr>
    </rule>
    <rule>
      <external-address>X.X.50.108</external-address>
      <protocol>tcp</protocol>
      <external-port>3389</external-port>
      <target>192.168.200.3</target>
      <local-port>3389</local-port>
      <descr>terminal server</descr>
    </rule>
    <rule>
      <protocol>tcp/udp</protocol>
      <external-port>5631</external-port>
      <target>192.168.200.113</target>
      <local-port>5631</local-port>
      <descr>pca workstation</descr>
    </rule>
    <rule>
      <protocol>tcp/udp</protocol>
      <external-port>5632</external-port>
      <target>192.168.200.113</target>
      <local-port>5632</local-port>
      <descr>pca workstation</descr>
    </rule>
    <rule>
      <external-address>X.X.50.106</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>192.168.100.20</target>
      <local-port>80</local-port>
      <descr/>
    </rule>
  </nat>
  <filter>
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
      <descr>Default LAN -> any</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.100.20</address>
        <port>25</port>
      </destination>
      <descr>NAT SMTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.100.20</address>
        <port>110</port>
      </destination>
      <descr>NAT POP3</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.100.20</address>
        <port>510</port>
      </destination>
      <descr>NAT </descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.200.3</address>
        <port>81</port>
      </destination>
      <descr>NAT ppm web</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.200.113</address>
        <port>5631</port>
      </destination>
      <descr>NAT pca workstation</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.200.113</address>
        <port>5632</port>
      </destination>
      <descr>NAT pca workstation</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.100.20</address>
        <port>5631</port>
      </destination>
      <descr>NAT pca mail server</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp/udp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.100.20</address>
        <port>5632</port>
      </destination>
      <descr>NAT pca mail server</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.200.3</address>
        <port>3389</port>
      </destination>
      <descr>NAT terminal server</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>192.168.100.20</address>
        <port>80</port>
      </destination>
      <descr>NAT </descr>
    </rule>
  </filter>
  <shaper/>
  <ipsec/>
  <aliases/>
  <proxyarp>
    <proxyarpnet>
      <network>X.X.50.106/32</network>
      <descr/>
    </proxyarpnet>
    <proxyarpnet>
      <network>X.X.50.108/32</network>
      <descr/>
    </proxyarpnet>
  </proxyarp>
</m0n0wall>
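Two things in the posted config.xml stand out to a reviewer: the static route for 192.168.100.0/24 (a subnet that is directly connected on OPT1, with a gateway of 192.168.200.1 that is not even on OPT1's subnet), and the OPT1 filter rule whose source is the LAN subnet. m0n0wall applies a rule to traffic entering the interface it is bound to, so a rule on OPT1 with source "lan" can never match a DMZ host's packets, and those packets fall through to the default deny. The script below is an added example, not code from the original post or from the m0n0wall project: it parses the same element layout the config uses and flags both patterns. The embedded sample is a trimmed, constructed copy of the posted config with the masked public addresses replaced by RFC 5737 documentation addresses.

```python
"""Sanity checks for a m0n0wall-style config.xml (added example, not part
of the original post or of m0n0wall).  Flags:
  * static routes that overlap a directly connected interface subnet, or
    whose gateway is not on the route's own interface;
  * filter rules bound to one interface whose <source><network> alias names
    a different interface, so they never match traffic arriving there.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the posted config with only the
# elements the checks read; public addresses are 203.0.113.0/24 placeholders.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<m0n0wall>
  <interfaces>
    <lan><if>sis1</if><ipaddr>192.168.200.10</ipaddr><subnet>24</subnet></lan>
    <wan><if>sis0</if><ipaddr>203.0.113.107</ipaddr><subnet>29</subnet>
         <gateway>203.0.113.105</gateway></wan>
    <opt1><if>sis2</if><descr>OPT1</descr><ipaddr>192.168.100.10</ipaddr>
          <subnet>24</subnet><enable/></opt1>
  </interfaces>
  <staticroutes>
    <route><interface>opt1</interface><network>192.168.100.0/24</network>
           <gateway>192.168.200.1</gateway></route>
  </staticroutes>
  <filter>
    <rule><type>pass</type><interface>lan</interface>
          <source><network>lan</network></source><destination><any/></destination>
          <descr>Default LAN -> any</descr></rule>
    <rule><type>pass</type><interface>opt1</interface>
          <source><network>lan</network></source><destination><any/></destination>
          <descr>Default LAN -> any</descr></rule>
  </filter>
</m0n0wall>
"""


def interface_subnets(root):
    """Return {interface tag: connected network} for every addressed interface."""
    nets = {}
    for iface in root.find("interfaces"):
        ip, bits = iface.findtext("ipaddr"), iface.findtext("subnet")
        if ip and bits:
            nets[iface.tag] = ipaddress.ip_interface(f"{ip}/{bits}").network
    return nets


def check_static_routes(root, nets):
    """Flag routes that shadow a connected subnet or use an unreachable gateway."""
    findings = []
    for route in root.findall("staticroutes/route"):
        iface = route.findtext("interface")
        dest = ipaddress.ip_network(route.findtext("network"), strict=False)
        gw = ipaddress.ip_address(route.findtext("gateway"))
        for name, net in nets.items():
            if dest.overlaps(net):
                findings.append(("route-covers-connected-net",
                                 f"route {dest} via {gw} overlaps {name} subnet "
                                 f"{net}; a connected network needs no static route"))
        if iface in nets and gw not in nets[iface]:
            findings.append(("route-gateway-unreachable",
                             f"route {dest} is bound to {iface} but gateway {gw} "
                             f"is not in {nets[iface]}"))
    return findings


def check_filter_rules(root, nets):
    """Flag rules whose source alias names an interface other than their own."""
    findings = []
    for rule in root.findall("filter/rule"):
        iface = rule.findtext("interface")
        src = rule.findtext("source/network")
        if src in nets and iface in nets and src != iface:
            findings.append(("rule-source-mismatch",
                             f"rule '{rule.findtext('descr')}' on {iface} has source "
                             f"'{src}' ({nets[src]}); traffic entering {iface} comes "
                             f"from {nets[iface]}, so the rule never matches"))
    return findings


def audit(xml_text):
    """Run every check over a config.xml string; returns {'routes': [...], 'rules': [...]}."""
    root = ET.fromstring(xml_text)
    nets = interface_subnets(root)
    return {"routes": check_static_routes(root, nets),
            "rules": check_filter_rules(root, nets)}


if __name__ == "__main__":
    for section, findings in audit(SAMPLE_CONFIG).items():
        for kind, msg in findings:
            print(f"[{section}] {kind}: {msg}")
```

Run it against a full config.xml by passing the file's contents to audit(). On the sample it reports one route finding for each problem (the shadowed connected subnet and the off-subnet gateway) and one rule finding for the OPT1 rule; the LAN rule, whose source alias matches its own interface, is not reported.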