News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: Simple Rule/NAT Setup...I thought
Pages: [1]
Topic: Simple Rule/NAT Setup...I thought  (Read 2928 times)
« on: March 25, 2010, 21:55:40 »
GByePorkPieHat *
Posts: 4
M0n0wall newbie here.
Breakin' my head trying to enable remote VoIP endpoints for our InterTel Axxess switch.
“Someone” began this effort before I got here, and successfully opened ONE of the ports this setup requires.
I'm just trying to open ONE more port with identical Rule/NAT combo; no luck.
See below for info on the two Rule/NAT combos I'm working with.
Can't figure out for anything WHY one rule works, the other doesn't.
The logs are no help. 
I have no 'BLOCK'/'REJECT' rules set up and rearranging the order seems to have no effect.
Thanks in advance for any tips you can provide.

This Rule/NAT combo works; port is open.
Firewall:Rules:WAN
Proto: TCP
Source: *
Source Range: *
Dest: 192.168.1.132
Port: 5566

Firewall:NAT:Inbound
Ext Address: Interface Address
IF: WAN
Proto:TCP
Ext. Port Range:5566
NAT IP:192.168.1.132
Int. Port Range:5566

THIS Rule/NAT combo does NOT work; port is NOT open.
Firewall:Rules:WAN
Proto: TCP
Source: *
Source Range: *
Dest: 192.168.1.132
Port: 5567

Firewall:NAT:Inbound
Ext Address: Interface Address
IF: WAN
Proto:TCP
Ext. Port Range:5567
NAT IP:192.168.1.132
Int. Port Range:5567
« Reply #1 on: April 02, 2010, 18:57:30 »
GByePorkPieHat *
Posts: 4
An update:  I have created a 1:1 NAT for the InterTel Axxess switch, and am now seeing the InterTel 8622 endpoint attached remotely to the switch.
I can place and receive calls with this endpoint. Yay!
Trouble is, I get no audio, Boo!

Public IP 71.40.x.x is 1:1 NAT'd to 192.168.1.132. Ok fine.
Now, automagically, calls pass through AND port 5566 (for which I no longer have a rule configured) shows open when I do a zenmap scan from off the LAN.
Do I still need to create NATs and Rules for the ports I need open?
I have rebooted m0n0wall, reset state...Next step?...Float test this sucker and replace it with something 'predictable'.
« Reply #2 on: April 07, 2010, 21:58:10 »
GByePorkPieHat *
Posts: 4
So...now I've updated my firmware from v1.235b to v1.31.
Didn't think it would have any effect, but I'm running out of ideas.

Does m0n0wall prefer goats or chickens re: ritual sacrifice?  Angry
« Reply #3 on: April 08, 2010, 18:02:56 »
GByePorkPieHat *
Posts: 4
Wow...this is turning into a diary...
Question I have now is:
I have my 1:1 NAT set up from my InterTel Axxess 5000 switch and my n0n0wall,
There are ports I need to open (5070 TCP, 5004-5569 UDP). Do I/Can I open these for the 1:1 NAT?
I get the feeling I cannot open these ports for the 1:1 NAT; but I don't know.

Other question I have:
I can open/close port 5566 TCP all day long to the WAN interface.
I cannot open other ports; need 5004-5569 UDP, and 5070 TCP.
What gives here?  This is practically a new installation at this point, but still it behaves the same.
Anybody?
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines