Re: [m0n0wall] Mixed up IPs in System Logs|Firewall?

From:	Chris Buechler <cbuechler at gmail dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Mixed up IPs in System Logs\|Firewall?
Date:	Tue, 12 Oct 2004 00:27:37 -0400

On Mon, 11 Oct 2004 20:30:37 +0200, horst dot ritter at mach dot com
<horst dot ritter at mach dot com> wrote:
> 
> I try to reach a server from the outside internet which is located behind a
> m0n0wall for several days now. Despite the fact that all ports are
> permitted on
> the m0n0wall (WAN interface as well as DMZ interface) the server is not
> reachable. 

It's a rule on your DMZ interface that is causing the packets to be dropped.  


> 
> For security reason I have replaced the original public IPs by public IPs.
> 
> Act   Time              If          Source                  Destination
>             Proto
> X     23:33:29.043975   DMZ         192.168.0.8, port 22    172.17.1.5,
> port 33622        TCP
> X     23:33:12.215229   DMZ         192.168.0.8             172.17.1.5
>             ICMP
> 
> Has anybody a clue why are the source and destination mixed up in the log?
> 

They aren't mixed up.  It's dropping return packets.  


> BTW: Due to the fact that the m0n0wall is located in russia and I am
> therefore not able to check the cables and settings personally,
> I am feared that probably the cables are not correctly plugged
> (WAN/LAN/DMZ). Might this cause the problem?
> 

If this were the case you probably wouldn't get as far as you do.  Doubt it.

Looks like something in your DMZ rules isn't allowing the return traffic out.  

-Chris