Topic: No browser access after DHCP client gets address  (Read 9549 times)
« on: October 29, 2008, 19:08:33 »
ocr14a *
Posts: 15

Hi Guys.
Sorry, but I have no idea where to start here.

I've been using m0n0wall for a while now as a simple DHCP server just to get an IP address to a machine like when I implement a new virtual appliance on my network, etc.

It gets an IP address, then I log into it via that DHCP address and change things from there. It never uses that DHCP address again. It's just to get things off the ground.

Since I don't really use it as a wide-spread DHCP server (all machines in my network are static - DNS provided elsewhere), I only have 2 or 3 addresses in my DHCP pool.

Now, yesterday things changed....due to a special need with one of our systems (a notebook computer) I decided to start using statically assigned DHCP addresses in m0n0wall (i.e. on the "Services: DHCP server" page) so that when it is here on our network, it would always have the correct IP address, and be able to get an address from other DHCP servers when away from here.

This seemed to work fine at first; when configured to be a DHCP client, it got the correct IP address. However, even though it gets echo responses from other places when pinged by FQDN (so I know that DNS is working), it can't get any pages to come up in a web browser.

Any ideas?

steven

« Reply #1 on: October 29, 2008, 23:30:31 »
ocr14a *
Posts: 15

Doh!
Actually, I just tested it with a different computer being the DHCP client and no such problem.
So, I'm assuming the first one has some other kind of problem.

Sorry to bother you guys with such silliness.
I will report back here once I have it figured out - or ask more if I don't get it figured out.

steven
« Reply #2 on: October 30, 2008, 18:21:22 »
ocr14a *
Posts: 15

Ok, now I really feel stupid...
When I tested it yesterday with the second client, I totally neglected to check browser access to the internet (which is my whole point for starting this thread asking for help in the first place).

I just went and tried it now, and it is in fact having the same problem as the original.

So, I do need help with M0n0wall.

Any ideas?
steven
« Reply #3 on: November 03, 2008, 10:52:56 »
markb ****
Posts: 331

Where is the gateway? When Mono assigns a DHCP address it will give itself as the gateway. Does the Mono box have a route to the internet?
« Reply #4 on: November 03, 2008, 17:33:53 »
ocr14a *
Posts: 15

Hi Mark.
The gateway is on the same subnet, and yes, M0n0wall does indeed have a route to the internet.

Just to make sure I'm on the same page with what you mean....I go to the ping page and get a response from pinging www.google.com (a correct response).

Beyond that, I've already stated that the DHCP clients have a route. So, that's obviously not the issue anyway.

Again....They can get to anywhere on the outside (i.e. echo responses for ping requests to google, others, etc), but just can't browse anywhere with a web browser.

Any ideas?

steven

« Reply #5 on: November 04, 2008, 11:40:03 »
markb ****
Posts: 331

Can you post a diagram of your network layout? It could be a couple of issues.
« Reply #6 on: November 07, 2008, 16:42:57 »
ocr14a *
Posts: 15

> Can you post a diagram of your network layout? It could be a couple of issues.

Oh my.
What kind of diagram; like Visio or something?

I could more easily post a list of details than a diagram.
How much detail do you want?

Here's some...

I'm running VMware's ESX Server, and the m0n0wall client is a VM running in this ESX server.

The Dell box on which ESX is running has a number of NICs, and I have a number of vSwitches configured; with the VMs using one or more of the available NICs for their network connectivity.

As for the network, logically....we have a subnet separate from the rest of campus; I'll call it a 10 network for simplicity here, and use 10.0.0.0/255.255.255.0 for discussion purposes.

The default gateway on the subnet is address 10.0.0.1 (i.e. that's how we get out to the rest of the campus network as well as the outside world).

Oh....this is all configured by the campus central IT/networking folks on their equipment.
I just control the use of IP addresses within our private subnet.

Since we use all static addresses for our servers, printers, workstations, etc, we decided not to have them provide our subnet with DHCP service.

However, after a while, I decided that I wanted a DHCP server of my own to serve up a few addresses just for things like when I'm adding new virtual appliances or testing things or whatever.

My search led me eventually to M0n0wall. It seemed like the simplest and easiest way for me to get a simple DHCP server up and running. I downloaded someone's virtual appliance of it from VMware's website I think, imported it and it's been working fine for my original purpose for months now.

Now, I decided to use it to give one of my mobile users an IP address from a DHCP server (with it being static via M0n0wall's MAC registration feature) so that it could remain configured as a DHCP client in case he ever wanted to get an address from a DHCP server on another network where he needs to use the wired connection.

Ok, back to my network...

https://MyM0n0wall/interfaces_lan.php
Interfaces: LAN
10.0.0.222

https://MyM0n0wall/interfaces_wan.php
Interfaces: WAN
10.0.0.221
gateway: 10.0.0.1

https://MyM0n0wall/firewall_rules.php?if=lan
Firewall: Rules
LAN:
Action: Pass
Disabled: no check
Interface: LAN
Protocol: any
ICMP type: any
Source: no check
Source port range: any any
Destination: no check
Destination port range: any any
Fragments: no check
Log: no check
Description: "Allow All Traffic from Subnet on any Interface"

https://MyM0n0wall/firewall_rules.php?if=wan
Firewall: Rules
LAN:
Action: Pass
Disabled: no check
Interface: WAN
Protocol: any
ICMP type: any
Source: no check
Source port range: any any
Destination: no check
Destination port range: any any
Fragments: no check
Log: no check
Description: "Allow All Traffic from Subnet on any Interface"

https://MyM0n0wall/firewall_nat.php
not configured

https://MyM0n0wall/firewall_shaper.php
not configured

https://MyM0n0wall/services_dnsmasq.php
enabled via checkbox
nothing else configured

https://MyM0n0wall/services_dhcp.php
enabled
Subnet: 10.0.0.0
Subnet mask: 255.255.255.0
Range: 10.0.0.223 to 10.0.0.224

When a DHCP client connects, here's what I see in the ipconfig/all feedback...

Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.223
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.222 (M0n0wall's LAN IP)
DHCP Server . . . . . . . . . . . : 10.0.0.222 (M0n0wall's LAN IP)
DNS Servers . . . . . . . . . . . : 10.0.0.222 (M0n0wall's LAN IP)

This DHCP client is indeed getting FQDN name resolution via DNS forwarding in M0n0wall, because I get an echo when pinging Google, etc, but just no web browsing activity.

Too much detail?
Want more detail?

Thanks for helping, Mark.
steven



« Reply #7 on: November 10, 2008, 16:04:46 »
ocr14a *
Posts: 15

FYI...
I turned on the DHCP server on one of my Windows Servers. So, I have something that works for now, but I would really like to get this M0n0wall thing working properly.

Any more ideas?

steven
« Reply #8 on: November 10, 2008, 18:51:18 »
ChainSaw
Guest

It looks to me like your WAN and LAN are configured to use the same subnet.

CS...
« Reply #9 on: November 10, 2008, 19:14:27 »
ocr14a *
Posts: 15

> It looks to me like your WAN and LAN are configured to use the same subnet.
>
> CS...

Well, yes, that is true.
Is that a problem?

I only have one subnet, and I just want this thing to be my DHCP server on that subnet.
« Reply #10 on: November 10, 2008, 19:22:58 »
ChainSaw
Guest

m0n0wall is a router. It routes packets between networks.

Time to do some reading.

CS...
« Reply #11 on: November 10, 2008, 19:46:35 »
ocr14a *
Posts: 15

> m0n0wall is a router. It routes packets between networks.
>
> Time to do some reading.
>
> CS...

Here we go again with the bullying.

Dude, I know what a router is.
I was looking for a simple DHCP server, and when I came across this M0n0wall virtual appliance, I thought I'd give it a try.

Now, if you just want to be a jerk, go ahead, but if you actually want to help me then....

Is there a way to get this thing to just act as a DHCP server for my subnet or not?

Thanks.
steven

« Reply #12 on: November 10, 2008, 23:09:19 »
knightmb ****
Posts: 341

> Is there a way to get this thing to just act as a DHCP server for my subnet or not?
>
> Thanks.
> steven

Ok, earlier comments aside, I'm having trouble understanding your question. It sounds like you already had this working, then for reasons unknown it quit working?

The simple answer is "yes" it can be a DHCP server, the only problem I see is that it will assign itself as the gateway. So if the LAN part of m0n0wall is plugged into your network assigning address, is the WAN part plugged into the other portion of your network where the Internet routes out to?

It sounds like it's a double-NAT setup? A simple diagram would probably explain more as I'm still not clear how your physical layer is setup for this.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #13 on: November 10, 2008, 23:55:09 »
ocr14a *
Posts: 15

>> Is there a way to get this thing to just act as a DHCP server for my subnet or not?
>>
>> Thanks.
>> steven
>
> Ok, earlier comments aside, I'm having trouble understanding your question. It sounds like you already had this working, then for reasons unknown it quit working?
>
> The simple answer is "yes" it can be a DHCP server, the only problem I see is that it will assign itself as the gateway. So if the LAN part of m0n0wall is plugged into your network assigning address, is the WAN part plugged into the other portion of your network where the Internet routes out to?
>
> It sounds like it's a double-NAT setup? A simple diagram would probably explain more as I'm still not clear how your physical layer is setup for this.

Man, I've been over this so many times with so many people.
Why doesn't anyone actually read what's gone before in this thread?

Sorry. I mean no disrespect, and I really appreciate the fact that you're trying to help me, but it is a bit frustrating to have to keep retelling the story.

No, it never stopped working.

It is still working just like it was when I first started using it.

What changed is the way I want to use it.

Both interfaces are on the same subnet; my subnet.

All clients that connect and get a DHCP address get routed out to the internet just fine.
That's not the problem.

The problem is that, even though they have connectivity to the internet (verified by authentic IP address echos from pinging Google, etc), they can not surf with web browsers.....no web browser traffic through the gateway.

So, the problem is not essentially a networking (TCP/IP) one, but something in M0n0wall is blocking the web browser traffic.

Any ideas?

steven

« Reply #14 on: November 11, 2008, 23:48:44 »
knightmb ****
Posts: 341

>>> Is there a way to get this thing to just act as a DHCP server for my subnet or not?
>>>
>>> Thanks.
>>> steven
>>
>> Ok, earlier comments aside, I'm having trouble understanding your question. It sounds like you already had this working, then for reasons unknown it quit working?
>>
>> The simple answer is "yes" it can be a DHCP server, the only problem I see is that it will assign itself as the gateway. So if the LAN part of m0n0wall is plugged into your network assigning address, is the WAN part plugged into the other portion of your network where the Internet routes out to?
>>
>> It sounds like it's a double-NAT setup? A simple diagram would probably explain more as I'm still not clear how your physical layer is setup for this.
>
> Man, I've been over this so many times with so many people.
> Why doesn't anyone actually read what's gone before in this thread?
>
> Sorry. I mean no disrespect, and I really appreciate the fact that you're trying to help me, but it is a bit frustrating to have to keep retelling the story.

No disrespect either, but I quoted your question above, which I answered, yes it can do DHCP, which you verify that it is working.

That's fine, we will move on.

You can't browse websites, but you can ping.

So that means you can resolve DNS to ping. The next step is to look at the firewall states in m0n0wall and see if the clients are actually trying to establish a connection on port 80 to the website. If your firewall states table is empty, check the firewall logs and see if packets on port 80 are being blocked.

The fact that m0n0wall is on the same subnet and range (both LAN and WAN) means that with m0n0wall you need to make sure the "Block private networks" for the WAN setup is turned off. Otherwise, you'll encounter exactly what it sounds like where you can ping, but nothing else can get through.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
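
The configuration points raised across this thread (LAN and WAN in the same subnet, the router handing itself out as gateway, and "Block private networks" on a private-range WAN) can be checked mechanically. The following is an added example, not part of the original posts and not m0n0wall code; the function name, the finding codes and the `block_private_on_wan` value are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges. A WAN-side "block private networks" option
# drops packets arriving on WAN with a source address in these ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(lan, wan, wan_gateway, block_private_on_wan):
    """Return finding codes for a two-interface router configuration.

    lan / wan are "address/netmask" strings, e.g. "10.0.0.222/255.255.255.0".
    """
    lan_if = ipaddress.ip_interface(lan)
    wan_if = ipaddress.ip_interface(wan)
    gateway = ipaddress.ip_address(wan_gateway)
    findings = []

    # A router forwards between networks; if both interfaces sit in the same
    # subnet there is nothing to route between.
    if lan_if.network.overlaps(wan_if.network):
        findings.append("SAME_SUBNET")

    # DHCP clients are handed the LAN address as default gateway although the
    # real upstream gateway is directly reachable on their own segment.
    if gateway in lan_if.network:
        findings.append("UPSTREAM_GATEWAY_ON_LAN")

    # WAN lives in private space while private sources are blocked on WAN.
    if block_private_on_wan and any(wan_if.ip in net for net in RFC1918):
        findings.append("BLOCK_PRIVATE_ON_PRIVATE_WAN")

    return findings

if __name__ == "__main__":
    # Values posted in the thread; block_private_on_wan=True is an assumption.
    print(audit("10.0.0.222/255.255.255.0", "10.0.0.221/255.255.255.0",
                "10.0.0.1", True))
    # Constructed contrast case: distinct LAN and WAN subnets.
    print(audit("192.168.1.1/255.255.255.0", "203.0.113.2/255.255.255.0",
                "203.0.113.1", True))
```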
 