Firewall/NAT

I am running a Monowall version 1.233 firewall in a pretty straight forward configuration that contains two NIC (WAN/LAN).  The monowall is used internally to segment a testing envirnoment from our production environment.  We have a Java client application that is used (wan side) that connects to a server on the LAN side.  I created the necessary ports:

WAN-> IP Any-> any Src Port -> 172.16.1.8 Port 80
WAN-> IP Any-> any Src Port -> 172.16.1.8 Port 5050
WAN-> IP Any-> any Src Port -> 172.16.1.8 Port 1097
WAN-> IP Any-> any Src Port -> 172.16.1.8 Port 5138
WAN-> IP Any-> any Src Port -> 172.16.1.8 Port 2138
WAN-> IP Any-> any Src Port -> 172.16.1.8 Port 1098
WAN-> IP Any-> any Src Port -> 172.16.1.8 Port 5137

When we test the application it fails.  Looking at the log on the firewall it shows that packets are blocked coming from the WAN interface from XXX.XXX.XXX.XXX port XXX to 172.16.1.8 on port 1097

I deleted all the rules and recreated them with similiar results.  But instead of port 1097 being blocked it was 5137.

Any ideas?

Thanks
Robert Graham

I would Try resetting states.  There may be something not getting flushed out of the system?

Do you have the necessary firewall rules to allow this traffic as well?

Aaron

2nd thought: Is your other network on a private IP net?  If so, you will need to check the box to allow private IPs (I think it is on the general setup page or the WAN interface page).

Aaron

Aaron,

Thanks for the reply.  I figured it out.  The client that was trying to making a connection thru port 1097 had two NICs.  One for the LAN, and the other for the iSCSI SAN.  The binding order was incorrect and the request were using the iSCSI SAN NIC which was being blocked.

Thanks for your help.

-Robert