[ previous ] [ next ] [ threads ]
 
 From:  "J. James" <icewalker at hotpop dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ARRGH - Banging STILL my head to a (m0n0)wall
 Date:  Sun, 09 May 2004 21:49:03 +0300
Hi

As I said in my previous mail I got M0n0wall up and working using Manuel's 
advise. However when I installed M0n0wall in the production environment I 
doesn't work anymore.

What I did was:
   1 gave WAN IP address xx.xx.xx.194/29, gateway xx.xx.xx.193
   2 proxy ARPed xx.xx.xx.195 (also tried xx.xx.xx.194 & xx.xx.xx.195 AND 
xx.xx.xx.194 - xx.xx.xx.195)
   3 added server NAT for xx.xx.xx.195
   4 added inbound NAT xx.xx.xx.195 -> yy.yy.yy.11
   5 checked rules

As Manuel pointed out xx.xx.xx.195 won't ping so I set up laptop on the 
WAN side and was able to browse the LAN side web server yy.yy.yy.11 via 
xx.xx.xx.195. BUT when installed in the production environment 
xx.xx.xx.195 won't answer. How come? When I tried the old firewall 
(Bering/Shorewall) xx.xx.xx.195 worked OK also in the production 
environment.

Could it be that the packets send to xx.xx.xx.195 seem to return from 
xx.xx.xx.194 and the internet operators firewall blocks them? Or could 
there be some other explanation why proxy ARPed IP addresses aren't quite 
the same as "real" IP addresses?

Any suggestions what to do next?


J