Topic: Alix --> Bridge filter does not work (V 1.3b)  (Read 1983 times)
« on: June 25, 2008, 17:31:14 »
NetJump *
Posts: 2

Hello

I am using M0n0wall on an Alix board. Everything works flawlessly except for one thing: the filter function when the bridge is enabled. I am using the M0n0wall in a data center and only want to use the bridge function (LAN routing with NAT is used now and then for maintenance work...).

1) IPs, DNS, GW .. configured
2) I have opened all ports in the filter of the FW.
3) Bridge between WAN and DMZ enabled.
4) Filter for bridge function enabled.

Now I can still ping the machine in the DMZ area (behind the bridge), but otherwise I cannot access it in any way.

Does anyone have any idea what the cause of this might be?

Many thanks and kind regards
NetJump
« Reply #1 on: July 23, 2008, 21:04:31 »
NetJump *
Posts: 2

Here is the device's config as well. Maybe someone can find out something more...

<?xml version="1.0"?>
<m0n0wall>
   <version>1.8</version>
   <lastchange>1216587558</lastchange>
   <system>
      <hostname>firewall</hostname>
      <domain>anonymous</domain>
      <dnsallowoverride/>
      <username>anonymous</username>
      <password>anonymous</password>
      <timezone>Etc/GMT+1</timezone>
      <time-update-interval>300</time-update-interval>
      <timeservers>3.m0n0wall.pool.ntp.org</timeservers>
      <webgui>
         <protocol>https</protocol>
         <port/>
         <certificate>anonymous</certificate>
         <private-key>anonymous</private-key>
         <expanddiags/>
      </webgui>
      <notes>anonymous</notes>
      <dnsserver>anonymous</dnsserver>
      <dnsserver>anonymous</dnsserver>
   </system>
   <interfaces>
      <lan>
         <if>vr1</if>
         <ipaddr>192.168.100.1</ipaddr>
         <subnet>24</subnet>
         <media/>
         <mediaopt/>
      </lan>
      <wan>
         <if>vr0</if>
         <media/>
         <mediaopt/>
         <spoofmac/>
         <ipaddr>anonymous</ipaddr>
         <subnet>24</subnet>
         <gateway>anonymous</gateway>
      </wan>
      <opt1>
         <if>vr2</if>
         <descr>DMZ</descr>
         <ipaddr/>
         <subnet>31</subnet>
         <bridge>wan</bridge>
         <enable/>
      </opt1>
   </interfaces>
   <staticroutes/>
   <pppoe/>
   <pptp/>
   <bigpond/>
   <dyndns>
      <type>dyndns</type>
      <username/>
      <password/>
      <host/>
      <mx/>
      <server/>
      <port/>
   </dyndns>
   <dnsupdate/>
   <dhcpd>
      <lan>
         <enable/>
         <range>
            <from>192.168.100.5</from>
            <to>192.168.100.50</to>
         </range>
      </lan>
   </dhcpd>
   <pptpd>
      <mode/>
      <nunits>16</nunits>
      <redir/>
      <localip/>
      <remoteip/>
   </pptpd>
   <dnsmasq>
      <enable/>
   </dnsmasq>
   <snmpd>
      <syslocation/>
      <syscontact/>
      <rocommunity>public</rocommunity>
   </snmpd>
   <diag>
      <ipv6nat>
         <ipaddr/>
      </ipv6nat>
   </diag>
   <bridge>
   </bridge>
   <syslog>
      <nentries>1000</nentries>
      <remoteserver/>
      <nologdefaultblock/>
   </syslog>
   <nat/>
   <filter>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
         </destination>
         <descr/>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>21</port>
         </destination>
         <descr>Allow FTP</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>25</port>
         </destination>
         <descr>Allow SMTP</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp/udp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>53</port>
         </destination>
         <descr>Allow DNS</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>80</port>
         </destination>
         <descr>Allow HTTP</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>110</port>
         </destination>
         <descr>Allow POP3</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>444</port>
         </destination>
         <descr>Allow anonymous</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>465</port>
         </destination>
         <descr>Allow SMTP over SSL</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>995</port>
         </destination>
         <descr>Allow POP3 over SSL</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp/udp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>3389</port>
         </destination>
         <descr>Allow RDP (Remote Desktop)</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>8443</port>
         </destination>
         <descr>Allow Plesk</descr>
      </rule>
      <rule>
         <type>block</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>135</port>
         </destination>
         <descr>Block NetBios</descr>
      </rule>
      <rule>
         <type>block</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>445</port>
         </destination>
         <descr>Block Microsoft DS</descr>
      </rule>
      <rule>
         <type>block</type>
         <interface>wan</interface>
         <protocol>tcp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>902-912</port>
         </destination>
         <descr>Block VMWare GSX Server</descr>
      </rule>
      <rule>
         <type>block</type>
         <interface>wan</interface>
         <protocol>icmp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
         </destination>
         <descr>Block ICMP ALL!</descr>
      </rule>
      <rule>
         <type>block</type>
         <interface>wan</interface>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
         </destination>
         <frags/>
         <descr>Block all other Traffic</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>opt1</interface>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
         </destination>
         <descr/>
      </rule>
      <rule>
         <type>pass</type>
         <interface>lan</interface>
         <protocol>tcp/udp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>5190</port>
         </destination>
         <frags/>
         <descr>Allow ICQ/QIP</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>lan</interface>
         <protocol>tcp/udp</protocol>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
            <port>80</port>
         </destination>
         <frags/>
         <descr>Allow HTTP</descr>
      </rule>
      <rule>
         <type>pass</type>
         <interface>lan</interface>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
         </destination>
         <descr/>
      </rule>
      <rule>
         <type>pass</type>
         <descr>Default IPsec VPN</descr>
         <interface>ipsec</interface>
         <source>
            <any/>
         </source>
         <destination>
            <any/>
         </destination>
      </rule>
      <tcpidletimeout/>
      <allowipsecfrags/>
      <bypassstaticroutes/>
   </filter>
   <shaper/>
   <ipsec>
      <dns-interval/>
   </ipsec>
   <aliases/>
   <proxyarp/>
   <wol/>
</m0n0wall>
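
Added example, not part of the original posts: a Python check that walks the `<filter>` rules of a config in this layout in order and lists every rule that sits after an any-to-any rule on the same interface. It assumes rules are evaluated top-down with the first match winning; the reduced sample config and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the same layout as the posted config (reduced).
SAMPLE = """<m0n0wall><filter>
  <rule><type>pass</type><interface>wan</interface>
    <source><any/></source><destination><any/></destination><descr/></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source><destination><any/><port>80</port></destination>
    <descr>Allow HTTP</descr></rule>
  <rule><type>block</type><interface>wan</interface><protocol>icmp</protocol>
    <source><any/></source><destination><any/></destination>
    <descr>Block ICMP ALL!</descr></rule>
  <rule><type>block</type><interface>wan</interface>
    <source><any/></source><destination><any/></destination>
    <descr>Block all other Traffic</descr></rule>
  <rule><type>pass</type><interface>opt1</interface>
    <source><any/></source><destination><any/></destination><descr/></rule>
</filter></m0n0wall>"""


def is_catch_all(rule):
    """True if the rule matches every packet: no protocol, any -> any, no ports."""
    if rule.find("protocol") is not None:
        return False
    for side in ("source", "destination"):
        end = rule.find(side)
        if end is None or end.find("any") is None or end.find("port") is not None:
            return False
    return True


def shadowed_rules(config_xml):
    """Return (interface, type, descr, shadowing_type) for rules never reached."""
    # Assumption: first matching rule on an interface decides the packet's fate.
    first_catch_all = {}   # interface -> type of its first catch-all rule
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("filter/rule"):
        iface = rule.findtext("interface")
        if iface in first_catch_all:
            findings.append((iface, rule.findtext("type"),
                             rule.findtext("descr") or "", first_catch_all[iface]))
        elif is_catch_all(rule):
            first_catch_all[iface] = rule.findtext("type")
    return findings


if __name__ == "__main__":
    for iface, rtype, descr, by in shadowed_rules(SAMPLE):
        print(f"{iface}: '{descr}' ({rtype}) sits behind an any/any {by} rule")
```

Running the same function over a full exported config shows which pass and block entries on each interface have no effect because of their position in the list.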