[ previous ] [ next ] [ threads ]
 
 From:  Horst dot Ritter at mach dot com
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Mixed up IPs in System Logs|Firewall?
 Date:  Mon, 11 Oct 2004 20:30:37 +0200
Hello,

I try to reach a server from the outside internet which is located behind a
m0n0wall for several days now. Despite the fact that all ports are
permitted on
the m0n0wall (WAN interface as well as DMZ interface) the server is not
reachable. Neither by SSH nor by ping. During the debugging with the log
entries
I faced a further odd behavior of the m0n0wall. Both attempts, SSH and
ping, are initated from 172.17.1.5 but in the log there are quoted in the
Destination
column. Therefore, I am confused if the problem could be caused by the
FW-routine in the m0n0wall or if I am missunderstanding the log.

For security reason I have replaced the original public IPs by public IPs.

Act   Time              If          Source                  Destination
            Proto
X     23:33:29.043975   DMZ         192.168.0.8, port 22    172.17.1.5,
port 33622        TCP
X     23:33:12.215229   DMZ         192.168.0.8             172.17.1.5
            ICMP

Has anybody a clue why are the source and destination mixed up in the log?

BTW: Due to the fact that the m0n0wall is located in russia and I am
therefore not able to check the cables and settings personally,
I am feared that probably the cables are not correctly plugged
(WAN/LAN/DMZ). Might this cause the problem?

I would appreciate every hint or clarification.

Best regards,

Horst