I just got my m0n0 box set up and finally working. My clients can surf, everything seems good. I started setting up rules to make my net boxes functional. I thought it would be a cinch. I created rules for HTTP, POP3, SMTP, DNS, FTP. I remote desktop'd to my office PC so I could try accessing services from outside my network. Tried to ping my website and it wouldn't resolve. Did an nslookup, switched to my DNS IP and tried to look up my www and it timed out. Set the firewall to allow anything inbound on any port and it resolved DNS fine then.
So, to make a long story short, by process of elimination, slowly narrowing the port range allowed, I end up needing to have not only TCP/UDP 53 open but TCP/UDP 23500-24000. Had the same problem with POP. Having 110 open didn't make it work. Once I opened 54000-55000 it worked. Funny thing is, I don't even have a rule for 110 and POP works with the 50x ports open..!? Frigging weird. I also had issues with SMTP. I ended up having to open 3200-5000 to get that working.
Does this weird behavior have an explanation? Also, when you set up a rule, if you need to open both TCP and UDP on a port (53 for example, for DNS), do you just use "TCP/UDP", or do you need "TCP" to cover TCP and "TCP/UDP" to cover UDP?
--------------- Hold on, now shit isn't working again. -sigh- DNS is failing to resolve. Maybe those weird port ranges were temporary or fluctuating? Ugh. I made a rule to allow everything in and out and DNS started working again, so I know it has to be rules, not something with the NAT mapping or something else.
Any ideas? Here are my current rules (that do not work):
(http://cityservices.baltimorecity.gov/moit/ken/monorules.jpg)