News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: unable to access external website from LAN
Pages: [1]
Topic: unable to access external website from LAN  (Read 2621 times)
« on: June 02, 2008, 21:00:37 »
servicad *
Posts: 4
hi there

we have 2 websites running on port 80 on the same server these websites are seperated by HTTP headers.

The problem i am having is when I try to access the external website from the Lan i recieve a password Prompt for the Monowall instead of being redirected to the external website.
The internal website works fine so does the external website as long as you are outside of the lan.

Do I need to create a lan to wan rule to fix this ?
« Reply #1 on: June 02, 2008, 21:50:48 »
Fred Grayson *****
Posts: 994
Have you read this yet?

http://doc.m0n0.ch/handbook/faq-lannat.html
--
Google is your friend and Bob's your uncle.
« Reply #2 on: June 02, 2008, 22:28:20 »
servicad *
Posts: 4
actually I was just reading it guess there is no need for comments or suggestions.
Think this might no be the best solution to use as a firewall then for this location.
 Sad
Shame to as I really like it.
« Reply #3 on: June 02, 2008, 22:31:54 »
Fred Grayson *****
Posts: 994
M0n0wall isn't the only firewall that has this problem, I'd venture to say that more do than don't.

There are workarounds, including populating host files.
--
Google is your friend and Bob's your uncle.
« Reply #4 on: June 02, 2008, 22:51:55 »
servicad *
Posts: 4
yes but to go around and manually populate  hosts files is a major pain in the ass.
I was hoping to get them off the  router they are using however as much as I dont like this router it does what I need it to.

I see on the wishlist there is
allow bouncing with inbound NAT mappings (see this)

guess there is no ETA on this being included in a release anytime soon.

is there any other workarounds you can recommend ??
« Last Edit: June 03, 2008, 16:06:42 by servicad »
« Reply #5 on: June 02, 2008, 23:16:33 »
Fred Grayson *****
Posts: 994
The only workarounds I know of are m0n0wall's built-in DNS forwarder (with the appropriate overides) or hosts file entries.
--
Google is your friend and Bob's your uncle.
« Reply #6 on: June 03, 2008, 07:35:27 »
knightmb ****
Posts: 341
Quote from: servicad on June 02, 2008, 21:00:37
hi there

we have 2 websites running on port 80 on the same server these websites are seperated by HTTP headers.

The problem i am having is when I try to access the external website from the Lan i recieve a password Prompt for the Monowall instead of being redirected to the external website.
The internal website works fine so does the external website as long as you are outside of the lan.

Do I need to create a lan to wan rule to fix this ?

If your WAN IP is the same one that the firewall shares, first you need to go into "General setup" and change the web GUI port from 80 to something else, like 8080 for example.  Save and reboot m0n0wall to get the new changes to take effect.

Go back into your m0n0wall (via http://192.168.0.1:8080/ or similar), I'll assume you already have a inbound NAT mapping to your web server. So everyone else can access your website from the Internet, but those on the LAN still can't as they hit the "firewall" IP.

Next you go to your firewall rules, create a new rule under the WAN section with these settings:
Action: Pass
Disabled: <ignore>
Interface: WAN
Protocol: TCP
ICMP Type: <ignore>
Source: any
Source port range: any
Destination: WAN address
Destination Port Range: HTTP
Fragments: <ignore>
Log: <ignore>
Description: *Make up anything you like*

That should allow a bounce through the firewall to your web server, assuming it shares the sam external WAN ip as your firewall.
Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines