Hi again

Still having problems with proxy ARPing. I have attached the configuration file. The problem is that I can access server1 (10.0.0.32) via xx.xx.xx.194 (i.e. the real WAN IP address). But not server2 (10.0.0.11) via proxy ARPed xx.xx.xx.195. And what is still more interesting is that if I attach my laptop directly to the WAN interface I can access both servers. BUT if M0n0wall is in the production environment connected to the ISP's network, only xx.xx.xx.194 can be accessed. I have heard that ISP's arp cache may take hours to refresh, but as it is production environment I am not very happy to wait hours. Besides changing back the other firewall box works immediately so it seems to me that the problem has something to do with M0n0wall - not ISP's arp cache. I love M0n0wall and despite this problem it would fill my needs. So close now... Please help and thank you in advance.

J

*************************************************************
<?xml version="1.0"?>
<!-- m0n0wall configuration attached to the post above. Public addresses are
     masked by the poster as xx.xx.xx.N; only the last octet is visible. -->
<m0n0wall>
  <version>1.4</version>
  <system>
    <hostname>fwall0</hostname>
    <domain>xxxxxxxxx.com</domain>
    <dnsallowoverride/>
    <username>admin</username>
    <!-- NOTE(review): the $1$ prefix is the md5-crypt format, so this appears
         to be the admin password hash. The bare '&' is not well-formed XML and
         is not part of the crypt alphabet, so the value was presumably altered
         before posting. If any part of it is genuine, treat the admin password
         as exposed and change it. -->
    <password>$1$vu878eh877580fdy&5lVp7e.X84IEqN9.</password>
    <timezone>UTC</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>pool.ntp.org</timeservers>
    <!-- The web GUI is set to plain http, so the admin login reaches the
         firewall unencrypted; https is the other value m0n0wall accepts here.
         The empty port element presumably means the default port; confirm. -->
    <webgui>
      <protocol>http</protocol>
      <port/>
    </webgui>
    <dnsserver>xx.xx.xx.242</dnsserver>
    <dnsserver>xx.xx.xx.250</dnsserver>
  </system>
  <interfaces>
    <!-- LAN: 10.0.0.253/24 on xl0. -->
    <lan>
      <if>xl0</if>
      <ipaddr>10.0.0.253</ipaddr>
      <subnet>24</subnet>
    </lan>
    <!-- WAN: xx.xx.xx.194/29 on fxp0, gateway .193. With a /29 the block is
         .192 to .199, leaving .193 to .198 as host addresses. blockpriv is
         presumably the "block private networks" option; confirm. -->
    <wan>
      <if>fxp0</if>
      <spoofmac/>
      <mtu/>
      <ipaddr>xx.xx.xx.194</ipaddr>
      <subnet>29</subnet>
      <gateway>xx.xx.xx.193</gateway>
      <blockpriv/>
    </wan>
  </interfaces>
  <staticroutes/>
  <pppoe/>
  <pptp/>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
    <host/>
    <mx/>
  </dyndns>
  <!-- NOTE(review): the DHCP range 192.168.1.100 to 192.168.1.199 lies outside
       the LAN subnet 10.0.0.0/24 defined above. No enable element is present
       here, so the DHCP server is presumably off and this is a leftover
       default; confirm before enabling it. -->
  <dhcpd>
    <lan>
      <range>
        <from>192.168.1.100</from>
        <to>192.168.1.199</to>
      </range>
    </lan>
  </dhcpd>
  <pptpd>
    <mode/>
    <redir/>
    <localip/>
    <remoteip/>
  </pptpd>
  <dnsmasq>
    <enable/>
  </dnsmasq>
  <!-- NOTE(review): the read-only community is the well-known default
       "public". No enable element is present, so the SNMP agent is presumably
       off; pick a non-default community before turning it on. -->
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag>
    <ipv6nat>
      <ipaddr/>
    </ipv6nat>
  </diag>
  <bridge/>
  <!-- Logging is enabled with a remote syslog server at 10.0.0.31, which is
       also the target of the NAT rules that carry no external-address. -->
  <syslog>
    <reverse/>
    <nentries>50</nentries>
    <remoteserver>10.0.0.31</remoteserver>
    <filter/>
    <dhcp/>
    <system/>
    <enable/>
  </syslog>
  <nat>
    <!-- Server NAT entries: the additional public addresses .195 to .198 that
         inbound NAT rules may name as their external-address. -->
    <servernat>
      <ipaddr>xx.xx.xx.195</ipaddr>
      <descr/>
    </servernat>
    <servernat>
      <ipaddr>xx.xx.xx.196</ipaddr>
      <descr/>
    </servernat>
    <servernat>
      <ipaddr>xx.xx.xx.197</ipaddr>
      <descr/>
    </servernat>
    <servernat>
      <ipaddr>xx.xx.xx.198</ipaddr>
      <descr/>
    </servernat>
    <!-- Inbound NAT for xx.xx.xx.195: tcp 22, 25, 80 and 443 forwarded to
         10.0.0.11 (server2 in the post). -->
    <rule>
      <external-address>xx.xx.xx.195</external-address>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>10.0.0.11</target>
      <local-port>22</local-port>
      <descr>Server2 ssh</descr>
    </rule>
    <rule>
      <external-address>xx.xx.xx.195</external-address>
      <protocol>tcp</protocol>
      <external-port>25</external-port>
      <target>10.0.0.11</target>
      <local-port>25</local-port>
      <descr>Server2 SMTP</descr>
    </rule>
    <rule>
      <external-address>xx.xx.xx.195</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>10.0.0.11</target>
      <local-port>80</local-port>
      <descr>Server2 http</descr>
    </rule>
    <rule>
      <external-address>xx.xx.xx.195</external-address>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>10.0.0.11</target>
      <local-port>443</local-port>
      <descr>Server2 https</descr>
    </rule>
    <!-- NOTE(review): the post describes server1 as 10.0.0.32 reached via
         xx.xx.xx.194, but in this file 10.0.0.32 is forwarded only from
         xx.xx.xx.198 (tcp 80), and the rules below without an external-address
         target 10.0.0.31. Confirm which host and address were actually
         tested. -->
    <rule>
      <external-address>xx.xx.xx.198</external-address>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>10.0.0.32</target>
      <local-port>80</local-port>
      <descr>Server1 http</descr>
    </rule>
    <!-- The remaining NAT rules have no external-address element; presumably
         they match the WAN interface address (xx.xx.xx.194). Confirm. -->
    <rule>
      <protocol>tcp</protocol>
      <external-port>22</external-port>
      <target>10.0.0.31</target>
      <local-port>22</local-port>
      <descr>Server1 ssh</descr>
    </rule>
    <rule>
      <protocol>tcp</protocol>
      <external-port>25</external-port>
      <target>10.0.0.31</target>
      <local-port>25</local-port>
      <descr>Server1 SMTP</descr>
    </rule>
    <rule>
      <protocol>tcp</protocol>
      <external-port>80</external-port>
      <target>10.0.0.31</target>
      <local-port>80</local-port>
      <descr>Server1 http</descr>
    </rule>
    <rule>
      <protocol>tcp</protocol>
      <external-port>443</external-port>
      <target>10.0.0.31</target>
      <local-port>443</local-port>
      <descr>Server1 https</descr>
    </rule>
  </nat>
  <!-- WAN filter rules. Their destinations are the internal NAT targets
       (10.0.0.x), not the public addresses. -->
  <filter>
    <!-- ICMP is passed on WAN from any source to any destination. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>icmp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <any/>
      </destination>
      <descr/>
    </rule>
    <!-- ssh to 10.0.0.31 is limited to two source addresses, xx.xx.xx.67 and
         xx.xx.xx.34. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <address>xx.xx.xx.67</address>
      </source>
      <destination>
        <address>10.0.0.31</address>
        <port>22</port>
      </destination>
      <descr>NAT Server1 ssh</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <address>xx.xx.xx.34</address>
      </source>
      <destination>
        <address>10.0.0.31</address>
        <port>22</port>
      </destination>
      <descr>NAT Server1 ssh</descr>
    </rule>
    <!-- NOTE(review): this rule and the other any-source WAN rules below carry
         no type element, unlike the ssh, icmp and LAN rules. How a missing
         type is treated is not shown in this file; presumably it defaults to
         pass. Confirm, and consider writing the type explicitly. -->
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.31</address>
        <port>25</port>
      </destination>
      <descr>NAT Server1 SMTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.31</address>
        <port>80</port>
      </destination>
      <descr>NAT Server1 http</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.31</address>
        <port>443</port>
      </destination>
      <descr>NAT Server1 https</descr>
    </rule>
    <!-- NOTE(review): no NAT rule in this file forwards tcp 1352, so this
         filter rule appears to have no matching port forward. -->
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.31</address>
        <port>1352</port>
      </destination>
      <descr>NAT Server1 Notes</descr>
    </rule>
    <!-- Pairs with the xx.xx.xx.198 port-80 forward to 10.0.0.32; the
         description is the same as the 10.0.0.31 http rule above. -->
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.32</address>
        <port>80</port>
      </destination>
      <descr>NAT Server1 http</descr>
    </rule>
    <!-- ssh to 10.0.0.11 is limited to the same two source addresses as ssh
         to 10.0.0.31. -->
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <address>xx.xx.xx.67</address>
      </source>
      <destination>
        <address>10.0.0.11</address>
        <port>22</port>
      </destination>
      <descr>NAT Server2 ssh</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <address>xx.xx.xx.34</address>
      </source>
      <destination>
        <address>10.0.0.11</address>
        <port>22</port>
      </destination>
      <descr>NAT Server2 ssh</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.11</address>
        <port>25</port>
      </destination>
      <descr>NAT Server2 SMTP</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.11</address>
        <port>80</port>
      </destination>
      <descr>NAT Server2 http</descr>
    </rule>
    <rule>
      <interface>wan</interface>
      <protocol>tcp</protocol>
      <source>
        <any/>
      </source>
      <destination>
        <address>10.0.0.11</address>
        <port>443</port>
      </destination>
      <descr>NAT Server2 https</descr>
    </rule>
    <!-- LAN side: everything from the LAN network to any destination is
         passed. -->
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
        <network>lan</network>
      </source>
      <destination>
        <any/>
      </destination>
    </rule>
  </filter>
  <shaper/>
  <ipsec/>
  <aliases/>
  <!-- Proxy ARP range .194 to .198. NOTE(review): the range starts at the WAN
       interface's own address (.194), while the additional addresses listed
       under servernat are .195 to .198. Confirm that .194 is meant to be
       included. -->
  <proxyarp>
    <proxyarpnet>
      <range>
        <from>xx.xx.xx.194</from>
        <to>xx.xx.xx.198</to>
      </range>
      <descr/>
    </proxyarpnet>
  </proxyarp>
</m0n0wall>
|