Topic: 1:1 NAT with a /27  (Read 2288 times)
« on: January 25, 2008, 02:28:04 »
xaustinx *
Posts: 3

I have a m0n0wall running 1.233

I have a public IP range that's a /27.

The first IP address in the range is assigned to the m0n0wall; the rest have 1:1 NAT with auto-ARP entries for all usable IP addresses.

The 1:1 NAT was created using identical entries where only 1-2 characters change between rules, e.g. .178, .179. The proxy ARP information is correct, and it has been sitting there for at least 2 days now.

The first 13 1:1 NATs work perfectly.

The next 15 1:1 NATs can see the internal network and retrieve DNS information, but cannot make it to the internet, nor can internet traffic see them. There are explicit rules as well for all usable IP addresses allowing port 3389 access to all usable IPs.

I've checked with the datacenter, and there's no misconfiguration; even if there was, my IP range ramps up to the end of the octet (i.e. .254), so my network would be closed off at the beginning of the octet and not the end. As I said before, the first 13 work, so a subnet misconfiguration seems unlikely, and I've had them double-check/reconfirm it.

I've eliminated the server, servers, cables, cable drop, switch, switch ports, software, and NICs as potential causes.

I've searched through the forum for anyone with a similar question, or answers that didn't end in misconfiguration or user error. I'm confident my config is solid, and if you guys think it would help for me to post it, I'll do so tomorrow.

I'm totally at a loss for what's wrong at this point, and would love assistance from anyone willing to provide it.

Thanks
« Last Edit: January 25, 2008, 02:31:37 by xaustinx »
« Reply #1 on: January 25, 2008, 18:49:40 »
xaustinx *
Posts: 3

Here's my config:

<?xml version="1.0"?>
<m0n0wall>
   <version>1.6</version>
   <lastchange>1201222437</lastchange>
   <system>
      <hostname>svr-pd3ips</hostname>
      <domain>local</domain>
      <username>administrator</username>
      <password>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</password>
      <timezone>America/Los_Angeles</timezone>
      <time-update-interval>300</time-update-interval>
      <timeservers>pool.ntp.org</timeservers>
      <webgui>
         <protocol>https</protocol>
         <port/>
      </webgui>
      <dnsserver>yyy.yyy.yyy.20</dnsserver>
      <dnsserver>yyy.yyy.yyy.21</dnsserver>
   </system>
   <interfaces>
      <lan>
         <if>fxp1</if>
         <ipaddr>xxx.xxx.xxx.1</ipaddr>
         <subnet>24</subnet>
         <media/>
         <mediaopt/>
      </lan>
      <wan>
         <if>fxp0</if>
         <mtu/>
         <blockpriv/>
         <media/>
         <mediaopt/>
         <ipaddr>yyy.yyy.yyy.226</ipaddr>
         <subnet>27</subnet>
         <gateway>yyy.yyy.yyy.225</gateway>
         <spoofmac/>
      </wan>
   </interfaces>
   <staticroutes/>
   <pppoe/>
   <pptp/>
   <bigpond/>
   <dyndns>
      <type>dyndns</type>
      <username/>
      <password/>
      <host/>
      <mx/>
      <server/>
      <port/>
   </dyndns>
   <dnsupdate/>
   <dhcpd>
      <lan>
         <range>
            <from>xxx.xxx.xxx.2</from>
            <to>xxx.xxx.xxx.254</to>
         </range>
         <defaultleasetime/>
         <maxleasetime/>
      </lan>
   </dhcpd>
   <pptpd>
      <mode/>
      <redir/>
      <localip/>
      <remoteip/>
   </pptpd>
   <dnsmasq>
      <enable/>
      <regdhcp/>
   </dnsmasq>
   <snmpd>
      <syslocation>Firewall at Datacenter</syslocation>
      <syscontact>Austin</syscontact>
      <rocommunity>public</rocommunity>
   </snmpd>
   <diag>
      <ipv6nat>
         <ipaddr/>
      </ipv6nat>
   </diag>
   <bridge/>
   <syslog>
      <reverse/>
      <nentries>1000</nentries>
      <remoteserver>xxx.xxx.xxx.8</remoteserver>
      <filter/>
      <dhcp/>
      <portalauth/>
      <vpn/>
      <system/>
      <enable/>
   </syslog>
   <nat>
      <rule>
         <protocol>tcp</protocol>
         <external-port>443</external-port>
         <target>xxx.xxx.xxx.1</target>
         <local-port>443</local-port>
         <interface>wan</interface>
         <descr>Firewall</descr>
      </rule>
      <onetoone>
         <external>yyy.yyy.yyy.227</external>
         <internal>xxx.xxx.xxx.7</internal>
         <subnet>32</subnet>
         <descr>Dns/Email</descr>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.228</external>
         <internal>xxx.xxx.xxx.8</internal>
         <subnet>32</subnet>
         <descr>Backup/Util</descr>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.229</external>
         <internal>xxx.xxx.xxx.9</internal>
         <subnet>32</subnet>
         <descr>Database</descr>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.230</external>
         <internal>xxx.xxx.xxx.10</internal>
         <subnet>32</subnet>
         <descr>Virtual app</descr>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.231</external>
         <internal>xxx.xxx.xxx.11</internal>
         <subnet>32</subnet>
         <descr>Web</descr>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.232</external>
         <internal>xxx.xxx.xxx.12</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.233</external>
         <internal>xxx.xxx.xxx.13</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.234</external>
         <internal>xxx.xxx.xxx.14</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.235</external>
         <internal>xxx.xxx.xxx.15</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.236</external>
         <internal>xxx.xxx.xxx.16</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.237</external>
         <internal>xxx.xxx.xxx.17</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.238</external>
         <internal>xxx.xxx.xxx.18</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.239</external>
         <internal>xxx.xxx.xxx.19</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.240</external>
         <internal>xxx.xxx.xxx.20</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.241</external>
         <internal>xxx.xxx.xxx.21</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.242</external>
         <internal>xxx.xxx.xxx.22</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.243</external>
         <internal>xxx.xxx.xxx.23</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.244</external>
         <internal>xxx.xxx.xxx.24</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.245</external>
         <internal>xxx.xxx.xxx.25</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.246</external>
         <internal>xxx.xxx.xxx.26</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.247</external>
         <internal>xxx.xxx.xxx.27</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.248</external>
         <internal>xxx.xxx.xxx.28</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.249</external>
         <internal>xxx.xxx.xxx.29</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
      <onetoone>
         <external>yyy.yyy.yyy.250</external>
         <internal>xxx.xxx.xxx.2</internal>
         <subnet>32</subnet>
         <descr/>
         <interface>wan</interface>
      </onetoone>
   </nat>
   <filter>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.1</address>
            <port>443</port>
         </destination>
         <log/>
         <descr>NAT Firewall</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.2</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.7</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>NAT DNS/Email RDC</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.8</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Backup/Util</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.9</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Db</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.10</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>NAT Virtual App 1</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.11</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.12</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.13</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.15</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.17</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.19</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <address>xxx.xxx.xxx.20</address>
            <port>3389</port>
         </destination>
         <log/>
         <descr>RDC Webserver</descr>
      </rule>
      <rule>
         <type>pass</type>
         <descr>Default LAN -&gt; any</descr>
         <interface>lan</interface>
         <source>
            <network>lan</network>
         </source>
         <destination>
            <any/>
         </destination>
      </rule>
      <rule>
         <type>pass</type>
         <interface>lan</interface>
         <source>
            <address>xxx.xxx.xxx.1/24</address>
         </source>
         <destination>
            <any/>
         </destination>
         <frags/>
         <descr>PD3 Lan Override</descr>
      </rule>
   </filter>
   <shaper/>
   <ipsec/>
   <aliases/>
   <proxyarp>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.227/32</network>
         <descr>NAT Dns/Email</descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.228/32</network>
         <descr>NAT Backup/Util</descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.229/32</network>
         <descr>NAT Database</descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.230/32</network>
         <descr>NAT Virtual app</descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.231/32</network>
         <descr>NAT test</descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.232/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.233/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.234/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.235/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.236/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.237/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.238/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.239/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.240/32</network>
         <descr>NAT Web</descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.241/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.242/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.243/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.244/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.245/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.246/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.247/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.248/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.249/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
      <proxyarpnet>
         <interface>wan</interface>
         <network>yyy.yyy.yyy.250/32</network>
         <descr>NAT </descr>
      </proxyarpnet>
   </proxyarp>
   <wol/>
</m0n0wall>
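Added here as a diagnostic example, not code from the thread or from m0n0wall itself: a script that cross-checks the three tables each 1:1 mapping in a config like the one above depends on (the external address lying inside the WAN /27, a WAN proxy ARP entry covering it, and a WAN pass rule for the internal address, which is what m0n0wall's filter matches after translation). The embedded config is a constructed miniature in the same layout; `audit()` accepts the text of a real config.xml and returns every mapping that is missing one of the three.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a m0n0wall config.xml (documentation
# addresses, not the poster's): a /27 WAN and three 1:1 mappings, of which
# only the first has both a proxy ARP entry and a WAN pass rule.
SAMPLE = """<m0n0wall>
  <interfaces><wan><ipaddr>198.51.100.226</ipaddr><subnet>27</subnet></wan></interfaces>
  <nat>
    <onetoone><external>198.51.100.227</external><internal>192.0.2.7</internal><subnet>32</subnet></onetoone>
    <onetoone><external>198.51.100.228</external><internal>192.0.2.8</internal><subnet>32</subnet></onetoone>
    <onetoone><external>198.51.100.10</external><internal>192.0.2.9</internal><subnet>32</subnet></onetoone>
  </nat>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <destination><address>192.0.2.7</address><port>3389</port></destination></rule>
  </filter>
  <proxyarp>
    <proxyarpnet><interface>wan</interface><network>198.51.100.227/32</network></proxyarpnet>
  </proxyarp>
</m0n0wall>"""


def audit(xml_text):
    """Return [(external, internal, [problems])] for every 1:1 mapping that
    is not fully wired up on the WAN side."""
    root = ET.fromstring(xml_text)
    wan = root.find("interfaces/wan")
    wan_net = ipaddress.ip_network(
        f"{wan.findtext('ipaddr')}/{wan.findtext('subnet')}", strict=False)
    # Networks the firewall answers ARP for on the WAN interface.
    parp = [ipaddress.ip_network(p.findtext("network"))
            for p in root.iterfind("proxyarp/proxyarpnet")
            if p.findtext("interface") == "wan"]
    # Internal (post-NAT) destination addresses admitted by some WAN pass rule.
    passed = {r.findtext("destination/address")
              for r in root.iterfind("filter/rule")
              if r.findtext("type") == "pass" and r.findtext("interface") == "wan"}
    findings = []
    for m in root.iterfind("nat/onetoone"):
        # A 1:1 entry with <subnet> smaller than 32 maps a whole block, so treat
        # the external side as a network rather than a single address.
        ext_net = ipaddress.ip_network(
            f"{m.findtext('external')}/{m.findtext('subnet') or 32}", strict=False)
        internal = m.findtext("internal")
        problems = []
        if not ext_net.subnet_of(wan_net):
            problems.append("external outside WAN subnet")
        if not any(ext_net.subnet_of(n) for n in parp):
            problems.append("no proxy ARP entry")
        if internal not in passed:
            problems.append("no WAN pass rule")
        if problems:
            findings.append((str(ext_net.network_address), internal, problems))
    return findings
```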
« Reply #2 on: May 28, 2008, 01:59:48 »
xaustinx *
Posts: 3

This is still a problem, and now we *NEED* those IP addresses. The forums appear to be a bit more active now than they were; please, if anyone has ANY suggestions, let me know.

thanks