Firewall/NAT

I'm trying to forward ports through the m0n0wall to the security camera software for access outside the network.

I'm passing the ports through incoming NAT to the desired server.

WAN     TCP                 80 (HTTP)      192.168.2.200      80 (HTTP)      server-sec-1 
WAN    TCP/UDP    8016            192.168.2.200    8016    server-sec-2
WAN    TCP/UDP    8201            192.168.2.200    8201    server-sec-3
WAN    TCP/UDP    8300           192.168.2.200    8300    server-sec-4
WAN    TCP/UDP    10019          192.168.2.200    10019    server-sec-5
WAN    TCP/UDP    10088           192.168.2.200    10088    server-sec-6

I also have these rules defined (using the create auto check box)

TCP                 *       *         192.168.2.200   80 (HTTP)      NAT server-sec-1      
TCP/UDP    *    *    192.168.2.200    8016    NAT server-sec-2     
TCP/UDP    *    *    192.168.2.200    8201    NAT server-sec-3     
TCP/UDP    *    *    192.168.2.200    8300    NAT server-sec-4     
TCP/UDP    *    *    192.168.2.200    10019    NAT server-sec-5     
TCP/UDP    *    *    192.168.2.200    10088    NAT server-sec-6     

If I pptp into the m0n0wall I can access the security server no problem with the lan ip address in the browser. However if I try to connect to it from my house using the external wan address (not on the lan, and not connected through pptp) it times out. If I go back and check the logs it shows that 80 was passed,

^(pass)  22:18:49.110572      WAN      *.*.*.*, port 2206      192.168.2.200, port 80      TCP

but for some reason it won't let me access the server. This is strange as I have done this many times with different firewalls and never ran into this problem, I like the m0n0wall and would like to continue to use it, so any suggestions would help (am I missing a step?)

Thanks for your time,
-Adrian

Have you tried switching the protocol to just TCP instead of TCP/UDP? Just a thought.

Otherwise, there must be something on the client and/or server side that's getting in the way - like a firewall on the client side or port blocking by your ISP.

Try turning logging on for the rules, if you haven't already, and see what you get. And turn logging on for the default rule just in case.

Hope this helps.

I have to logging enabled and it shows that the port is being passed through but I never reach the server. I read somewhere on this forum that someone had a similar issue and he reset to factory defaults and reconfigured, this will be my next step, if anyone else has any suggestions that would be fantastic.

Thanks for the reply

your problem looks like my problem.
http://forum.m0n0.ch/index.php/topic,1220.0.html

The camera is likely missing a default gateway, or doesn't use the default gateway. People have reported cameras before that would not use the default gateway and hence weren't accessible off-subnet.

Hi,
It seems tht, im also having the same problems here...my port forwarding was working perfectly before. My security system was previously connected/accesible via a PC with LAN ip(192.168.1.222), and run a dns client updater on the security PC. Just recently, i managed to setup Monowall and really like the features. My environment is tht, my ISP router now is set as bridging mode and i used monowall to dial to the ISP using PPOE. There was no problem with the internet on LAN, ALL WORKING PERFECTLY. When my management decided to used a DVR instead of a PC, THEN the problems started. Ive setup the DVR LAN ip address with the same IP(192.168.1.222, the PC now use different ip) and port no is 8888. I even try using port 80 but to no avail. I am using a dynamic dns to access the dvr from outside, ie xxxx.dyndns.org. The host registration in the dyndns was succesfull and activated. Ive setup the port forwarding quite similar to your setting but still failed to connect to the DVR from outside. Wht am i missing here??Somebody please give me some solution pls...really need help.....

I agree with CMB i think that these issuses come down to incorrect gateways. Any device that wants to connect back out must know about the existance of the entrance point the the connection will come in on. Also if i was publishing access to my security systems i would only do it over VPN especially if the auth is only http

The server is on the inside when you access the server from the wan to the lan you need a route from the m0nowall to the server wan to 192.168.1.222, the return path is unknown. If you sniffer like ethereal or wire shark will shown capture the traffic.

chain