 
 From:  "David Kitchens" <spider at webweaver dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Can't ping DMZ
 Date:  Tue, 13 Apr 2004 13:24:59 -0400
I am at my wits' end. I've got a Soekris 4801 that I am replacing a SmoothWall
corp server with. I've set up many DMZs in the past and I've got this m0n0 box
set up identically to the existing SW machine. All 4801 interfaces are set
correctly in the soekris bios, and IP's assigned in gui, WAN is static IP
from block provided by ISP, LAN is 192.168.200.10, DMZ is 192.168.100.10.
There is a w2k mail server, not Exchange, at 192.168.100.20 and it is
connected through a switch using regular cables to the m0n0 DMZ. When I replace
the SW with my m0n0, the LAN side functions perfectly, all machines can get
to web and as a test, opening port 3389 and auto-creating the rule will let
me terminal server into the domain controller on 192.168.200.3. Now the
problem: the mail server in the DMZ cannot be pinged from the LAN, and it will
not ping anything in the LAN or on the web. It cannot get out and nothing can
get in to it. I tried hanging my laptop on a DMZ IP and it has the same problem. I
tried replacing the cables, tried a crossover cable, and have rechecked
everything I can think of. All needed ports and rules have been created, the
DMZ has been enabled, I've tried bridged and non bridged to the LAN, and
nothing will work. If anyone can see anything preventing DMZ access in this
config.xml file, PLEASE tell me!
<?xml version="1.0"?>

<m0n0wall>

<version>1.4</version>

<!-- System settings. The poster redacted the admin password before sharing
     this file; anything else secret (SNMP community, dyndns credentials,
     PPTP/IPsec secrets) should be redacted the same way before a config is
     posted to a list. -->
<system>

<hostname>fw1</hostname>

<domain>xyz.com</domain>

<!-- Presumably lets DNS servers learned on the WAN override the static list
     below. The WAN in this file has a static address, so this should have no
     effect here; verify against the firmware's handling. -->
<dnsallowoverride/>

<!-- Default GUI account name. -->
<username>admin</username>

<password>not a chance, lol</password>

<timezone>America/Detroit</timezone>

<time-update-interval>300</time-update-interval>

<timeservers>pool.ntp.org</timeservers>

<!-- Web GUI over HTTPS; the port element is empty so the default port is
     used. No certificate or private key is supplied, so presumably the
     firmware's built-in certificate is used, which browsers cannot verify.
     The GUI is reachable from every LAN host via the LAN "any" filter rule. -->
<webgui>

<protocol>https</protocol>

<port/>

<certificate/>

<private-key/>

</webgui>

<!-- Upstream resolvers (leading octets redacted by the poster). -->
<dnsserver>X.X.7.196</dnsserver>

<dnsserver>X.X.122.3</dnsserver>

</system>

<!-- Interfaces, matching the post: LAN 192.168.200.10/24 on sis1,
     WAN static /29 from the ISP on sis0, DMZ (OPT1) 192.168.100.10/24 on sis2. -->
<interfaces>

<lan>

<if>sis1</if>

<ipaddr>192.168.200.10</ipaddr>

<subnet>24</subnet>

</lan>

<wan>

<if>sis0</if>

<!-- Presumably drops packets arriving on WAN with private (RFC 1918) source
     addresses. Keep it: both internal networks are 192.168.x.x and must never
     be seen as a source on the WAN side. -->
<blockpriv/>

<ipaddr>X.X.50.107</ipaddr>

<!-- /29: .105 (ISP gateway), .106 and .108 (extra addresses used by the NAT
     section) and .107 (this firewall) all fall inside the same block. -->
<subnet>29</subnet>

<gateway>X.X.50.105</gateway>

<spoofmac/>

<mtu/>

</wan>

<!-- DMZ interface. -->
<opt1>

<if>sis2</if>

<descr>OPT1</descr>

<ipaddr>192.168.100.10</ipaddr>

<subnet>24</subnet>

<!-- NOTE(review): this element is present but empty. Bridging is normally
     expressed as the name of the interface to bridge to, so an empty element
     is ambiguous: depending on how the firmware tests for the setting, OPT1
     may still be treated as bridged while it also carries an IP address. The
     post says both bridged and non-bridged were tried; for a routed DMZ, remove
     this element entirely rather than leaving it empty. Confirm against the
     config handling of this firmware version. -->
<bridge/>

<enable/>

</opt1>

</interfaces>

<!-- NOTE(review): this route is wrong and is the most likely reason LAN hosts
     cannot reach the DMZ. 192.168.100.0/24 is directly connected on opt1
     (192.168.100.10/24 in the interfaces section), so no static route is
     needed for it at all, and the gateway given, 192.168.200.1, is an address
     on the LAN subnet, not on opt1, and is not this firewall's own LAN address
     (192.168.200.10). Traffic for the DMZ subnet is presumably pushed toward a
     next hop that cannot be reached on that interface. Delete the route and
     leave the section empty (<staticroutes/>). -->
<staticroutes>

<route>

<interface>opt1</interface>

<network>192.168.100.0/24</network>

<gateway>192.168.200.1</gateway>

<descr/>

</route>

</staticroutes>

<!-- PPPoE and PPTP WAN types are not configured (the WAN is static). -->
<pppoe/>

<pptp/>

<!-- Dynamic DNS: the type is set but no credentials or host, so nothing is
     updated. If it is ever enabled, redact the username and password before
     sharing the file. -->
<dyndns>

<type>dyndns</type>

<username/>

<password/>

<host/>

<mx/>

</dyndns>

<!-- DHCP is served on the LAN only, from a five-address pool with default
     lease times. There is no DHCP section for opt1, so a test host plugged
     into the DMZ (the laptop mentioned in the post) needs a manually assigned
     192.168.100.x address with 192.168.100.10 as its gateway and a working
     DNS server before the result means anything. -->
<dhcpd>

<lan>

<range>

<from>192.168.200.11</from>

<to>192.168.200.15</to>

</range>

<defaultleasetime/>

<maxleasetime/>

</lan>

</dhcpd>

<!-- PPTP server: no mode or addresses set, so presumably not active. -->
<pptpd>

<mode/>

<redir/>

<localip/>

<remoteip/>

</pptpd>

<!-- DNS forwarder enabled: internal hosts can use the firewall as resolver. -->
<dnsmasq>

<enable/>

</dnsmasq>

<!-- SNMP: there is no enable element here, but the read-only community is the
     well-known default "public". Change it to something private before SNMP
     is ever switched on; anyone who can reach UDP 161 could otherwise read the
     interface and routing tables. -->
<snmpd>

<syslocation/>

<syscontact/>

<rocommunity>public</rocommunity>

</snmpd>

<!-- Unused. -->
<diag>

<ipv6nat>

<ipaddr/>

</ipv6nat>

</diag>

<bridge/>

<!-- No syslog settings at all, so logs stay on the box. Pointing this at a
     syslog host on the LAN and logging the default-deny is the quickest way to
     see exactly which interface is dropping the DMZ packets, and keeps a
     record off the firewall for later incident work. -->
<syslog/>

<!-- Inbound NAT. Two extra public addresses from the /29 are claimed below
     (.106 for the DMZ mail server, .108 for the LAN host 192.168.200.3), and
     two forwards with no external-address presumably bind to the WAN address
     itself. Each forward is only useful together with a WAN filter rule for
     the same protocol and port; compare the protocols here against the filter
     section, several do not match. -->
<nat>

<servernat>

<ipaddr>X.X.50.106</ipaddr>

<descr>Mail Server</descr>

</servernat>

<servernat>

<ipaddr>X.X.50.108</ipaddr>

<descr>abc.xyz.com</descr>

</servernat>

<!-- SMTP and POP3 to the DMZ mail server: the two forwards a mail server
     actually needs. POP3 is cleartext; if users fetch mail across the
     Internet their passwords travel in the clear. -->
<rule>

<external-address>X.X.50.106</external-address>

<protocol>tcp</protocol>

<external-port>25</external-port>

<target>192.168.100.20</target>

<local-port>25</local-port>

<descr>SMTP</descr>

</rule>

<rule>

<external-address>X.X.50.106</external-address>

<protocol>tcp</protocol>

<external-port>110</external-port>

<target>192.168.100.20</target>

<local-port>110</local-port>

<descr>POP3</descr>

</rule>

<!-- TCP and UDP 510 forwarded to the mail server with no description. This is
     not a standard mail port; if nobody can say what listens there, remove
     the forward rather than carry an unexplained open port. -->
<rule>

<external-address>X.X.50.106</external-address>

<protocol>tcp/udp</protocol>

<external-port>510</external-port>

<target>192.168.100.20</target>

<local-port>510</local-port>

<descr/>

</rule>

<!-- "pca" on 5631/5632 is presumably pcAnywhere, i.e. remote-control software
     published straight to the Internet on the DMZ mail server. Prefer reaching
     it over a VPN (the firmware has IPsec and PPTP sections, both unused
     here); if the forward must stay, restrict the source addresses in the
     matching WAN filter rule instead of allowing any. -->
<rule>

<external-address>X.X.50.106</external-address>

<protocol>tcp/udp</protocol>

<external-port>5631</external-port>

<target>192.168.100.20</target>

<local-port>5631</local-port>

<descr>pca mail server</descr>

</rule>

<rule>

<external-address>X.X.50.106</external-address>

<protocol>tcp/udp</protocol>

<external-port>5632</external-port>

<target>192.168.100.20</target>

<local-port>5632</local-port>

<descr>pca mail server</descr>

</rule>

<!-- The post identifies 192.168.200.3 as the domain controller. A web service
     on 81 and Terminal Services (3389) on a DC are reachable from any Internet
     address through .108; a domain controller is the worst host to expose this
     way, since a single weak or reused password hands over the whole domain.
     Put RDP behind a VPN and reconsider whether the port 81 service belongs on
     the DC at all. -->
<rule>

<external-address>X.X.50.108</external-address>

<protocol>tcp</protocol>

<external-port>81</external-port>

<target>192.168.200.3</target>

<local-port>81</local-port>

<descr>ppm web</descr>

</rule>

<rule>

<external-address>X.X.50.108</external-address>

<protocol>tcp</protocol>

<external-port>3389</external-port>

<target>192.168.200.3</target>

<local-port>3389</local-port>

<descr>terminal server</descr>

</rule>

<!-- No external-address, so these presumably use the WAN interface address.
     They publish remote-control software on a LAN workstation directly to the
     Internet, which bypasses the DMZ entirely: a compromise of that
     workstation lands an attacker on the same segment as the DC. Same advice
     as above: VPN, or at minimum source restrictions in the filter rules. -->
<rule>

<protocol>tcp/udp</protocol>

<external-port>5631</external-port>

<target>192.168.200.113</target>

<local-port>5631</local-port>

<descr>pca workstation</descr>

</rule>

<rule>

<protocol>tcp/udp</protocol>

<external-port>5632</external-port>

<target>192.168.200.113</target>

<local-port>5632</local-port>

<descr>pca workstation</descr>

</rule>

<!-- HTTP to the mail server with no description (webmail?). Document it. -->
<rule>

<external-address>X.X.50.106</external-address>

<protocol>tcp</protocol>

<external-port>80</external-port>

<target>192.168.100.20</target>

<local-port>80</local-port>

<descr/>

</rule>

</nat>

<!-- Filter rules, grouped by the interface on which the traffic arrives. -->
<filter>

<!-- LAN: everything from the LAN subnet to anywhere, which includes the DMZ
     and the firewall's own GUI. With a stateful firewall the return traffic
     from the DMZ does not need its own rule. -->
<rule>

<type>pass</type>

<descr>Default LAN -&gt; any</descr>

<interface>lan</interface>

<source>

<network>lan</network>

</source>

<destination>

<any/>

</destination>

</rule>

<!-- NOTE(review): this is the only rule on OPT1 and its source is the LAN
     subnet. Packets arriving on OPT1 come from 192.168.100.0/24, so this rule
     never matches them, and with nothing else on the interface every packet
     the DMZ sends is presumably dropped by the default deny. That matches the
     symptom in the post (the mail server cannot reach the LAN or the web).
     Fix: change the source to <network>opt1</network>. Then narrow it: a DMZ
     that may open connections to "any" can reach the LAN, which defeats the
     point of having a DMZ. Allow only what the mail server needs outbound
     (DNS to the firewall, SMTP and HTTP/HTTPS to the Internet) and do not
     allow it to initiate anything toward 192.168.200.0/24. -->
<rule>

<type>pass</type>

<interface>opt1</interface>

<source>

<network>lan</network>

</source>

<destination>

<any/>

</destination>

<descr>Default LAN -&gt; any</descr>

</rule>

<!-- WAN rules for the inbound NAT entries. None of these carries a <type>
     element, unlike the two rules above; their descriptions suggest they
     were auto-created by the GUI as pass rules, but verify. Every one allows
     any source address. -->
<rule>

<interface>wan</interface>

<protocol>tcp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.100.20</address>

<port>25</port>

</destination>

<descr>NAT SMTP</descr>

</rule>

<rule>

<interface>wan</interface>

<protocol>tcp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.100.20</address>

<port>110</port>

</destination>

<descr>NAT POP3</descr>

</rule>

<!-- TCP only, while the NAT entry for 510 forwards tcp/udp; the UDP half of
     that forward is presumably not passed. Harmless if only TCP is wanted,
     but then tighten the NAT entry to match (or drop the port entirely if
     nobody knows what it is for). -->
<rule>

<interface>wan</interface>

<protocol>tcp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.100.20</address>

<port>510</port>

</destination>

<descr>NAT </descr>

</rule>

<!-- Internet-wide access to port 81 on the host the post calls the domain
     controller. Restrict the source if this must stay open. -->
<rule>

<interface>wan</interface>

<protocol>tcp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.200.3</address>

<port>81</port>

</destination>

<descr>NAT ppm web</descr>

</rule>

<!-- Remote-control ports on a LAN workstation open to any Internet source.
     At minimum replace <any/> here with the remote sites that need access;
     better, move this behind a VPN. -->
<rule>

<interface>wan</interface>

<protocol>tcp/udp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.200.113</address>

<port>5631</port>

</destination>

<descr>NAT pca workstation</descr>

</rule>

<rule>

<interface>wan</interface>

<protocol>tcp/udp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.200.113</address>

<port>5632</port>

</destination>

<descr>NAT pca workstation</descr>

</rule>

<!-- TCP only here, tcp/udp in the matching NAT entry for 5631 (the 5632 rule
     below does say tcp/udp). Make the two sides agree, and apply the same
     source restriction as for the workstation. -->
<rule>

<interface>wan</interface>

<protocol>tcp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.100.20</address>

<port>5631</port>

</destination>

<descr>NAT pca mail server</descr>

</rule>

<rule>

<interface>wan</interface>

<protocol>tcp/udp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.100.20</address>

<port>5632</port>

</destination>

<descr>NAT pca mail server</descr>

</rule>

<!-- RDP to the domain controller from any Internet address. This is the rule
     most worth closing: reach the DC over a VPN instead. -->
<rule>

<interface>wan</interface>

<protocol>tcp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.200.3</address>

<port>3389</port>

</destination>

<descr>NAT terminal server</descr>

</rule>

<rule>

<interface>wan</interface>

<protocol>tcp</protocol>

<source>

<any/>

</source>

<destination>

<address>192.168.100.20</address>

<port>80</port>

</destination>

<descr>NAT </descr>

</rule>

</filter>

<!-- Traffic shaper, IPsec and aliases are all unused. IPsec is the obvious
     place to put the remote-control and RDP access that the NAT section
     currently publishes to the whole Internet. -->
<shaper/>

<ipsec/>

<aliases/>

<!-- Proxy ARP: the firewall answers ARP on the WAN for the two extra public
     addresses used by the servernat entries, so the ISP gateway delivers
     their traffic here. Keep this list in step with the NAT section; a
     servernat address without a proxy ARP entry is unreachable. -->
<proxyarp>

<proxyarpnet>

<network>X.X.50.106/32</network>

<descr/>

</proxyarpnet>

<proxyarpnet>

<network>X.X.50.108/32</network>

<descr/>

</proxyarpnet>

</proxyarp>

</m0n0wall>