Topic: NAT port forwarding  (Read 3372 times)
« on: July 31, 2009, 13:22:42 »
curdegn *
Posts: 6

Hi,

I am quite new at M0n0wall, using the following M0n0wall version: "embedded-1.3b16.img" on an ALIX board.
So far most things go well, have to say a very very nice Firewall system, many thanks.

There is one thing I am currently "fighting" with. So before using more time trying to solve it, I'd like to ask if my problem may be a bug in the beta release I am using (see above):

My M0n0wall-box filters between the following networks:
- external Network: 192.168.80.0 (official Lan, everyone can use, guest etc..)
- external IP:192.168.80.99
- internal Network: 192.168.1.0 (private Lan)
- internal IP:192.168.1.1

Inside the internal network, I have an SSH server (192.168.1.50) which I want to be accessible from the external LAN as well. The according configuration of M0N0wall, NAT rule + Automatic Firewall rule seems quite simple and self explaining to me. To make sure I do not miss something I also watched the according screencast.
Configuration looks OK (see attachment). But unfortunately SSH does not work and also nmap used from the external network does not show any open port at m0n0wall's IP (192.168.80.99).

Is it a Beta bug, or did I do something wrong?
Many thanks for any advice







* m0n0wall-NAT-Firewall2.jpg (82.07 KB, 765x1300 - viewed 302 times.)
« Reply #1 on: July 31, 2009, 13:45:54 »
curdegn *
Posts: 6

It's me again.
Looks like the firewall is blocking the SSH connection request to port 22, see attached Firewall log.

Any suggestions....


* firewall-log.jpg (23.43 KB, 575x313 - viewed 317 times.)
« Reply #2 on: August 14, 2009, 22:44:18 »
curdegn *
Posts: 6

Hi,

Is there anyone with the same problem?

« Reply #3 on: August 15, 2009, 02:45:36 »
gus *
Posts: 27

You need to remove the rule that blocks 1918 networks. Your external IP is a 1918 address. The rules are executed from the top down. If you still want to block the 1918 addresses after the allow, you will have to add the address spaces manually.
« Reply #4 on: August 15, 2009, 07:40:03 »
curdegn *
Posts: 6

Many thanks for that advice. I see, I'm a bloody beginner.
« Reply #5 on: August 22, 2009, 02:05:02 »
gus *
Posts: 27

Did my suggestion resolve this?
« Reply #6 on: August 22, 2009, 07:27:07 »
curdegn *
Posts: 6

Quote: "did my suggestion resolve this?"
Yes, I just removed the rule that blocks 1918 networks and all works fine.

BTW:
Do you know how I can add this rule again at the end of the rules list?
« Reply #7 on: August 22, 2009, 17:23:41 »
gus *
Posts: 27

To my knowledge, you can't add the single 1918 rule back in. You have to add the networks in individual rules. I also block the 127 localhost addresses as well. Check out the screenshot.


* 1918.JPG (16.98 KB, 567x217 - viewed 297 times.)
« Reply #8 on: August 23, 2009, 08:43:02 »
curdegn *
Posts: 6

Works great, thanks.
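
The rule-order behaviour discussed in this thread, as an added example that is not part of any post and is not m0n0wall code: a simplified first-match rule evaluator plus a check that lists pass rules sitting below an overlapping block rule. The server and network addresses come from the first post; the client address 192.168.80.20, the rule layout and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Simplified model (assumption): a rule matches on source network,
# destination host and TCP port only.
Rule = namedtuple("Rule", "action src dst port")
ANY = ipaddress.ip_network("0.0.0.0/0")

def net(cidr):
    return ANY if cidr == "any" else ipaddress.ip_network(cidr)

def matches(rule, src, dst, port):
    return (ipaddress.ip_address(src) in net(rule.src)
            and rule.dst in ("any", dst)
            and rule.port in (None, port))

def evaluate(rules, src, dst, port):
    """Top-down, first match wins; no match means default block."""
    for index, rule in enumerate(rules):
        if matches(rule, src, dst, port):
            return rule.action, index
    return "block", None

def shadowed_passes(rules):
    """(block_index, pass_index) pairs where an earlier block overlaps a later pass."""
    hits = []
    for j, later in enumerate(rules):
        if later.action != "pass":
            continue
        for i, earlier in enumerate(rules[:j]):
            if (earlier.action == "block"
                    and net(earlier.src).overlaps(net(later.src))
                    and earlier.dst in ("any", later.dst)
                    and earlier.port in (None, later.port)):
                hits.append((i, j))
    return hits

# Constructed rule sets: RFC 1918 ranges plus loopback, and the SSH allow rule.
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]
BLOCKS = [Rule("block", cidr, "any", None) for cidr in PRIVATE]
ALLOW_SSH = Rule("pass", "any", "192.168.1.50", 22)

BLOCK_FIRST = BLOCKS + [ALLOW_SSH]   # blocks above the allow: SSH is dropped
ALLOW_FIRST = [ALLOW_SSH] + BLOCKS   # allow first, individual blocks after it

if __name__ == "__main__":
    client = "192.168.80.20"  # constructed host on the external LAN
    print(evaluate(BLOCK_FIRST, client, "192.168.1.50", 22))
    print(evaluate(ALLOW_FIRST, client, "192.168.1.50", 22))
    print(shadowed_passes(BLOCK_FIRST))
```

With the allow rule first, only port 22 to 192.168.1.50 passes from the external LAN; every other packet from a private source still hits one of the block rules below it.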