 
 From:  "J. James" <icewalker at hotpop dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Proxy ARP (working, but not on production environment)
 Date:  Wed, 12 May 2004 20:57:26 +0300
Hi again

Still having problems with proxy ARP. I have attached the configuration
file. The problem is that I can access server1 (10.0.0.32) via
xx.xx.xx.194 (i.e. the real WAN IP address), but not server2 (10.0.0.11)
via the proxy-ARPed address xx.xx.xx.195.

And what is still more interesting is that if I attach my laptop directly 
to the WAN interface I can access both servers. BUT if M0n0wall is in the 
production environment connected to the ISP's network, only xx.xx.xx.194 
can be accessed.

I have heard that an ISP's ARP cache may take hours to refresh, but as this
is a production environment I am not very happy to wait hours. Besides,
switching back to the other firewall box works immediately, so it seems to
me that the problem has something to do with m0n0wall, not the ISP's ARP
cache.

I love M0n0wall and despite this problem it would fill my needs. So close 
now...  Please help and thank you in advance.


J

*************************************************************





<?xml version="1.0"?>
<!--
  m0n0wall configuration as posted to the list (config schema version 1.4).
  NOTE(review): the notes below are XML comments only; every element and value
  is left exactly as posted. Two things stand out before the proxy ARP question
  itself: the admin password hash is included in the file (treat it as leaked),
  and the proxyarp range also covers the WAN interface's own address.
-->
<m0n0wall>
	<version>1.4</version>
	<system>
		<hostname>fwall0</hostname>
		<domain>xxxxxxxxx.com</domain>
		<dnsallowoverride/>
		<username>admin</username>
		<!-- NOTE(review): this is the admin account's password hash (the $1$
		     prefix marks MD5 crypt) and it has been sent to a public mailing
		     list. Hashes of this type can be attacked offline, so change the
		     admin password and strip this element before sharing a config
		     again. The bare '&' inside the value is not well formed XML, so
		     the line has evidently been altered or mangled in transit; treat
		     the hash as real regardless. -->
		<password>$1$vu878eh877580fdy&5lVp7e.X84IEqN9.</password>
		<timezone>UTC</timezone>
		<time-update-interval>300</time-update-interval>
		<timeservers>pool.ntp.org</timeservers>
		<!-- NOTE(review): the web GUI is served over plain HTTP, so the admin
		     password crosses the wire in clear. None of the WAN filter rules
		     below pass traffic to the firewall itself (only ICMP to any, and
		     TCP to the 10.0.0.x servers), so the GUI is reachable from the LAN
		     side only; switch to https before exposing it anywhere less
		     trusted. -->
		<webgui>
			<protocol>http</protocol>
			<port/>
		</webgui>
		<dnsserver>xx.xx.xx.242</dnsserver>
		<dnsserver>xx.xx.xx.250</dnsserver>
	</system>
	<interfaces>
		<lan>
			<if>xl0</if>
			<ipaddr>10.0.0.253</ipaddr>
			<subnet>24</subnet>
		</lan>
		<wan>
			<if>fxp0</if>
			<!-- NOTE(review): empty, so fxp0 answers ARP with its burned-in
			     MAC. The symptom in the mail (a freshly attached laptop reaches
			     .195, the ISP side does not, and the previous firewall works
			     again immediately) is what a stale ARP entry for .195 on the
			     ISP's gateway would look like: the laptop learns the new MAC
			     through proxy ARP, the gateway keeps the old one. If the ISP
			     cannot flush that entry, setting this to the previous box's WAN
			     MAC is one way around it; confirm the diagnosis with the ISP
			     first. -->
			<spoofmac/>
			<mtu/>
			<ipaddr>xx.xx.xx.194</ipaddr>
			<subnet>29</subnet>
			<gateway>xx.xx.xx.193</gateway>
			<!-- NOTE(review): presumably "block private networks" on WAN, i.e.
			     drop RFC 1918 sources arriving from the ISP side; keep it. -->
			<blockpriv/>
		</wan>
	</interfaces>
	<staticroutes/>
	<pppoe/>
	<pptp/>
	<dyndns>
		<type>dyndns</type>
		<username/>
		<password/>
		<host/>
		<mx/>
	</dyndns>
	<dhcpd>
		<lan>
			<!-- NOTE(review): this range is not inside the LAN subnet
			     10.0.0.0/24 configured above; it looks like an untouched
			     default. There is no enable element here (dnsmasq and syslog
			     carry one), so the server may be off; if it is running, any
			     client that takes a lease from this range ends up unroutable.
			     Correct the range or disable DHCP if the hosts are static. -->
			<range>
				<from>192.168.1.100</from>
				<to>192.168.1.199</to>
			</range>
		</lan>
	</dhcpd>
	<pptpd>
		<mode/>
		<redir/>
		<localip/>
		<remoteip/>
	</pptpd>
	<dnsmasq>
		<enable/>
	</dnsmasq>
	<snmpd>
		<syslocation/>
		<syscontact/>
		<!-- NOTE(review): the read community is the well known default
		     "public". There is no enable element in this section (compare
		     dnsmasq and syslog) and no WAN filter rule passes UDP 161, so the
		     agent is probably not reachable from outside; if SNMP is wanted,
		     pick a non default community and restrict who may query it. -->
		<rocommunity>public</rocommunity>
	</snmpd>
	<diag>
		<ipv6nat>
			<ipaddr/>
		</ipv6nat>
	</diag>
	<bridge/>
	<syslog>
		<reverse/>
		<nentries>50</nentries>
		<!-- NOTE(review): filter, DHCP and system logs are shipped to
		     10.0.0.31, which is also the host with the most services published
		     through NAT below (22, 25, 80, 443). Classic syslog forwarding is
		     unauthenticated, so whoever controls that host controls the audit
		     trail; a dedicated log host that is not itself internet facing is
		     preferable. -->
		<remoteserver>10.0.0.31</remoteserver>
		<filter/>
		<dhcp/>
		<system/>
		<enable/>
	</syslog>
	<nat>
		<!-- NOTE(review): four extra public addresses are declared for server
		     NAT, but only .195 and .198 are used by the rules below; .196 and
		     .197 are unused. Rules with no external-address presumably bind to
		     the WAN address .194 itself. The mail says server1 is 10.0.0.32,
		     yet the .194 rules send 22/25/80/443 to 10.0.0.31 and only .198:80
		     goes to 10.0.0.32, both labelled "Server1"; one of the two
		     descriptions (or the mail) is off and should be reconciled before
		     debugging further. -->
		<servernat>
			<ipaddr>xx.xx.xx.195</ipaddr>
			<descr/>
		</servernat>
		<servernat>
			<ipaddr>xx.xx.xx.196</ipaddr>
			<descr/>
		</servernat>
		<servernat>
			<ipaddr>xx.xx.xx.197</ipaddr>
			<descr/>
		</servernat>
		<servernat>
			<ipaddr>xx.xx.xx.198</ipaddr>
			<descr/>
		</servernat>
		<!-- NOTE(review): inbound NAT itself accepts any source; the matching
		     filter rules further down are what limit SSH to xx.xx.xx.67 and
		     xx.xx.xx.34. Keep the two in sync when adding hosts. -->
		<rule>
			<external-address>xx.xx.xx.195</external-address>
			<protocol>tcp</protocol>
			<external-port>22</external-port>
			<target>10.0.0.11</target>
			<local-port>22</local-port>
			<descr>Server2 ssh</descr>
		</rule>
		<rule>
			<external-address>xx.xx.xx.195</external-address>
			<protocol>tcp</protocol>
			<external-port>25</external-port>
			<target>10.0.0.11</target>
			<local-port>25</local-port>
			<descr>Server2 SMTP</descr>
		</rule>
		<rule>
			<external-address>xx.xx.xx.195</external-address>
			<protocol>tcp</protocol>
			<external-port>80</external-port>
			<target>10.0.0.11</target>
			<local-port>80</local-port>
			<descr>Server2 http</descr>
		</rule>
		<rule>
			<external-address>xx.xx.xx.195</external-address>
			<protocol>tcp</protocol>
			<external-port>443</external-port>
			<target>10.0.0.11</target>
			<local-port>443</local-port>
			<descr>Server2 https</descr>
		</rule>
		<rule>
			<external-address>xx.xx.xx.198</external-address>
			<protocol>tcp</protocol>
			<external-port>80</external-port>
			<target>10.0.0.32</target>
			<local-port>80</local-port>
			<descr>Server1 http</descr>
		</rule>
		<rule>
			<protocol>tcp</protocol>
			<external-port>22</external-port>
			<target>10.0.0.31</target>
			<local-port>22</local-port>
			<descr>Server1 ssh</descr>
		</rule>
		<rule>
			<protocol>tcp</protocol>
			<external-port>25</external-port>
			<target>10.0.0.31</target>
			<local-port>25</local-port>
			<descr>Server1 SMTP</descr>
		</rule>
		<rule>
			<protocol>tcp</protocol>
			<external-port>80</external-port>
			<target>10.0.0.31</target>
			<local-port>80</local-port>
			<descr>Server1 http</descr>
		</rule>
		<rule>
			<protocol>tcp</protocol>
			<external-port>443</external-port>
			<target>10.0.0.31</target>
			<local-port>443</local-port>
			<descr>Server1 https</descr>
		</rule>
	</nat>
	<filter>
		<!-- NOTE(review): passes every ICMP type from anywhere to anything
		     behind the WAN, the firewall itself included. Echo request plus
		     the types needed for path MTU discovery are usually enough. -->
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>icmp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<any/>
			</destination>
			<descr/>
		</rule>
		<!-- NOTE(review): SSH to 10.0.0.31 is limited to two source hosts.
		     Since the NAT rule for port 22 accepts any source, these two rules
		     are the only thing keeping SSH off the open internet. -->
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<address>xx.xx.xx.67</address>
			</source>
			<destination>
				<address>10.0.0.31</address>
				<port>22</port>
			</destination>
			<descr>NAT Server1 ssh</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<address>xx.xx.xx.34</address>
			</source>
			<destination>
				<address>10.0.0.31</address>
				<port>22</port>
			</destination>
			<descr>NAT Server1 ssh</descr>
		</rule>
		<!-- NOTE(review): this rule and the other 25/80/443/1352 rules below
		     carry no type element, unlike the SSH rules which say pass. The
		     author reports the .194 services reachable, so a missing type
		     appears to be treated as pass; an explicit type is safer than
		     relying on that default. -->
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.31</address>
				<port>25</port>
			</destination>
			<descr>NAT Server1 SMTP</descr>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.31</address>
				<port>80</port>
			</destination>
			<descr>NAT Server1 http</descr>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.31</address>
				<port>443</port>
			</destination>
			<descr>NAT Server1 https</descr>
		</rule>
		<!-- NOTE(review): no NAT rule above publishes port 1352 on any
		     external address, so as posted this rule matches nothing. Either
		     add the inbound NAT entry or drop the rule so the policy reflects
		     what is actually exposed. -->
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.31</address>
				<port>1352</port>
			</destination>
			<descr>NAT Server1 Notes</descr>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.32</address>
				<port>80</port>
			</destination>
			<descr>NAT Server1 http</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<address>xx.xx.xx.67</address>
			</source>
			<destination>
				<address>10.0.0.11</address>
				<port>22</port>
			</destination>
			<descr>NAT Server2 ssh</descr>
		</rule>
		<rule>
			<type>pass</type>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<address>xx.xx.xx.34</address>
			</source>
			<destination>
				<address>10.0.0.11</address>
				<port>22</port>
			</destination>
			<descr>NAT Server2 ssh</descr>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.11</address>
				<port>25</port>
			</destination>
			<descr>NAT Server2 SMTP</descr>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.11</address>
				<port>80</port>
			</destination>
			<descr>NAT Server2 http</descr>
		</rule>
		<rule>
			<interface>wan</interface>
			<protocol>tcp</protocol>
			<source>
				<any/>
			</source>
			<destination>
				<address>10.0.0.11</address>
				<port>443</port>
			</destination>
			<descr>NAT Server2 https</descr>
		</rule>
		<!-- NOTE(review): unrestricted LAN egress, which also covers LAN
		     access to the plain HTTP GUI above; usual for a small site, but
		     it is the only rule governing what the internal hosts may do. -->
		<rule>
			<type>pass</type>
			<descr>Default LAN -&gt; any</descr>
			<interface>lan</interface>
			<source>
				<network>lan</network>
			</source>
			<destination>
				<any/>
			</destination>
		</rule>
	</filter>
	<shaper/>
	<ipsec/>
	<aliases/>
	<proxyarp>
		<!-- NOTE(review): the range starts at .194, which is fxp0's own
		     address (see interfaces/wan). Proxy ARP only needs to cover the
		     additional addresses, .195 through .198; letting it also answer
		     for the interface's own IP is redundant at best. Narrow the range
		     and re-test, but note that this alone does not explain why .195
		     fails only behind the ISP while a directly attached laptop works
		     (see the spoofmac note above). -->
		<proxyarpnet>
			<range>
				<from>xx.xx.xx.194</from>
				<to>xx.xx.xx.198</to>
			</range>
			<descr/>
		</proxyarpnet>
	</proxyarp>
</m0n0wall>