RE: [m0n0wall] m0n0wall NAT weirdness (It shouldn't be doing this!)

From:	"C. Falconer" <cfalconer at avonside dot school dot nz>
To:	'Chet Harvey' <sales at pittech dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	RE: [m0n0wall] m0n0wall NAT weirdness (It shouldn't be doing this!)
Date:	Wed, 26 May 2004 07:25:59 +1200

Gidday Chet - thanks for the advice.

I have a static IP - I only use dyndns because that's what people know me
as, and I'm too poor to pop for my own domain.

The ISP also allows anything on cable... Theres no blocks at all for
anything.

I had all this working fine with a linux server, so its got to be a m0n0wall
config, or possibly the hardware that m0n0wall is running on.



-----Original Message-----
From: Chet Harvey [mailto:chet at pittech dot com] 
Sent: Tuesday, 25 May 2004 11:16 p.m.
To: C. Falconer; m0n0wall at lists dot m0n0 dot ch
Subject: Rv: [m0n0wall] m0n0wall NAT weirdness (It shouldn't be doing this!)


There may be more to this than m0n0wall.

First, ICMP pings from the WAN side I believe are dropped by default. Others
here will let me know if I am wrong. =)

As for serving up pages on 80 via the wan side and dyndns....A) I assume you
setup dyndns in m0n0wall to stay current and B) does your ISP allow 80
traffic from customer websites?

I have Cox cable in Virginia and they do not allow port 80 traffic from a
customer like me.

--------- Mensagem Original --------
From: C. Falconer <cfalconer at avonside dot school dot nz>
To: m0n0wall at lists dot m0n0 dot ch <m0n0wall at lists dot m0n0 dot ch>
Subject: [m0n0wall] m0n0wall NAT weirdness (It shouldn't be doing this!)
Date: 25/05/04 11:29

>
> Gidday all.  I'm new to m0n0wall, and have it working fine in every
respect
> but one.
>
> I have a web server at 10.28.1.2, which I want the world to access from
> http://criggie.dyndns.org/   202.0.42.116
>
> I have a NAT line that says:
> TCP 	80 (HTTP) 	10.28.1.2 	80 (HTTP) 	HTTP
>
> I have a firewall rule that was automatically created when I added the
above
> NAT line.
>
> Now, the truly strange thing is that from an internal IP I can connect 
> to port 80 on 202.0.42.116. I can't connect to port 80 from any 
> real-world Ips
>
> So I added some logging...  I now see this in the logs when attempting 
> to connect to port 80 from work (202.0.37.196) 00:22:27.902608 xl1 
> @200:1 p 202.0.37.196,2066 -&gt; 10.28.1.2,80 PR tcp
len 20
> 60 -S K-S OUT
> 00:22:27.902566 xl0 @200:1 p 202.0.37.196,2066 -&gt; 10.28.1.2,80 PR 
> tcp
len 20
> 60 -S K-S IN
>
> I can't see where I'm going wrong...  Its not obvious where the 
> problem
lies
> at all.
>
> Possibly related - I can ping my firewall from the LAN but not the WAN 
> side... Is this correct?
>
> If you can help me, I promise to document this!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>
>
>