Topic: Firewall is still blocking traffic from even if rules say to pass all packages  (Read 5299 times)
« on: September 07, 2011, 18:12:30 »
klauskleber *
Posts: 1

Hi all,

I want to use m0n0wall as a bridge between a WIFI network (10.0.126.1/24) and a LAN network (10.0.125.1/24). Because both networks are private, I want to disable the firewall completely to pass all packages between both networks (see attachments monowall-LAN.png and monowall-WAN.png).
But now the firewall log (monowall-log.png) tells me that all packages that are coming from outside (wifi-network 10.0.126.1/24) and using ports higher than 50000 are blocked, whereas packages from ports lower than 50000 are passed.

How can this be? How can I let the firewall pass all the packages, not only packages using ports lower than 50000?

Thank you.

Regards.


* monowall-LAN.png (22.08 KB, 573x284 - viewed 370 times.)

* monowall-WAN.png (19.91 KB, 573x253 - viewed 325 times.)

* monowall-log.png (142.2 KB, 494x1033 - viewed 351 times.)
« Reply #1 on: September 11, 2011, 11:54:18 »
supi007 *
Posts: 6

Hi all,

I am new to this m0n0wall thing, but I am not new to networks.
Could somebody please explain to me why I am not able to connect to my server in my LAN if I have made an any-to-any rule in my m0n0wall firewall?
This is madness.
So I tested it: I connected via RDP to another machine and from there I started a connection towards my m0n0wall, but nothing.
I also tried to connect via HSDPA from my mobile phone, but nothing.
All services are perfectly available from my LAN, but I am not able to use them from the internet.
Could anybody tell me what I should do?

My setting:

If     proto    source    port    dest    port    description
WAN    *        *         *       *       *       my description


{This is the poison(anger) not the cyanide.}

Thanks in advance:
supi007
« Reply #2 on: September 11, 2011, 15:46:59 »
Fred Grayson *****
Posts: 994

> My setting:
>
> If     proto    source    port    dest    port    description
> WAN    *        *         *       *       *       my description


The above is a Firewall Rule. Where is the Firewall NAT that goes with it?


--
Google is your friend and Bob's your uncle.
« Reply #3 on: September 11, 2011, 19:53:31 »
supi007 *
Posts: 6

Hello fredg,

Here is my Inbound NAT:

If     Proto    Ext. port range    NAT IP           Int. port range    Description
WAN    TCP      3389               192.168.99.10    3389               rdp

Otherwise this does not belong to the firewall rule, but that rule involves this NAT rule. Or am I wrong? Is this what you expected?

Br,
supi007
« Reply #4 on: September 11, 2011, 20:21:59 »
supi007 *
Posts: 6

I went to my neighbour and tried to connect from his place. It was unsuccessful. So something is completely wrong, but what?

{It is simple, isn't it?}

Br,
supi007
« Reply #5 on: September 11, 2011, 23:04:31 »
NCSIdaho *
Posts: 15

Supi, try this.
Below would be the standard settings for RDP pass-through.
The Incoming NAT rule should be:

If     Proto      Ext. port range    NAT IP                        Int. port range    Description
WAN    TCP/UDP    3389               Your Computers Internal IP    3389               RDP

Firewall Rule Applied to the WAN Interface:

Proto      Source    Port    Destination                   Port    Description
TCP/UDP    *         *       Your Computers Internal IP    3389    RDP
« Reply #6 on: September 11, 2011, 23:21:06 »
NCSIdaho *
Posts: 15

> Hi all,
>
> I want to use m0n0wall as a bridge between a WIFI network (10.0.126.1/24) and a LAN network (10.0.125.1/24). Because both networks are private, I want to disable the firewall completely to pass all packages between both networks (see attachments monowall-LAN.png and monowall-WAN.png).
> But now the firewall log (monowall-log.png) tells me that all packages that are coming from outside (wifi-network 10.0.126.1/24) and using ports higher than 50000 are blocked, whereas packages from ports lower than 50000 are passed.
>
> How can this be? How can I let the firewall pass all the packages, not only packages using ports lower than 50000?
>
> Thank you.
>
> Regards.

Hi klauskleber,
Do you need the wireless to be on a separate network? If not, go to "interfaces", select the wireless interface and under "IP Configuration" select Bridge with LAN.

Then under Firewall Rules both the LAN and Wireless interfaces need this rule:

Proto    Source     Port    Destination    Port    Description
*        LAN net    *       *              *       Default

I hope that helps


« Reply #7 on: September 12, 2011, 15:21:22 »
supi007 *
Posts: 6

> Supi, try this.
> Below would be the standard settings for RDP pass-through.
> The Incoming NAT rule should be:
>
> If     Proto      Ext. port range    NAT IP                        Int. port range    Description
> WAN    TCP/UDP    3389               Your Computers Internal IP    3389               RDP
>
> Firewall Rule Applied to the WAN Interface:
>
> Proto      Source    Port    Destination                   Port    Description
> TCP/UDP    *         *       Your Computers Internal IP    3389    RDP

Hello NCSIdaho,

Thank you for the post, but unfortunately it did not help.
I cannot imagine what the problem can be. Really. I tried all of the settings, but nothing helped.
Do you perhaps have a proper configuration example? Could you send it to me as a private message?
(Of course without any personal information, I mean your WAN IP or that kind of thing.)
What do you think?

Br,
supi007
« Reply #8 on: September 12, 2011, 18:09:00 »
NCSIdaho *
Posts: 15

Hi supi007
I have attached a PDF with screen shots of a working m0n0wall configuration of NAT and Firewall rules
Let me know if that helps

-Phil

* M0n0wall Rules Example.pdf (205.03 KB - downloaded 228 times.)
« Reply #9 on: September 12, 2011, 21:02:13 »
supi007 *
Posts: 6

> Hi supi007
> I have attached a PDF with screen shots of a working m0n0wall configuration of NAT and Firewall rules
> Let me know if that helps
>
> -Phil

Hello NCSIdaho,

It helps, but not in the way you think.
I set up my m0n0 as I saw in your PDF. (I attached mine.)
Actually I guess this is not about the rules. I tried from every aspect, in almost every constellation, and nothing.
It must be something else, but without help I cannot imagine what it might be. (I do not know, perhaps incompatible NICs or bad firmware; btw I use version 1.33.)
So I do not have a clue.

I read a lot and everybody says there is nothing special about the settings. I read the handbook but I have not found any particular configuration element.
And as a matter of fact I am not able to ask anything because I am out of questions. It simply does not work from external networks.
Weird.

Br,
supi007

* m0n0wall_supi007.pdf (201.34 KB - downloaded 145 times.)
« Reply #10 on: September 12, 2011, 21:51:43 »
NCSIdaho *
Posts: 15

That looks right. Is your WAN IP a public static, or is it NATted through a DSL modem?
« Reply #11 on: September 12, 2011, 22:07:52 »
supi007 *
Posts: 6

Hello all,

I wrote a very deeply touching post where I thanked you for your help, but it has been lost.
Btw everything is all right. It was my mistake.
When I was changing the router (I changed the IP address too) I forgot to change the Default Gateway IP address on my Server.
This caused all of the problems and I am the only person who is responsible for that ... (I am ox.)
Thanks again for your time and cooperation. Finally it works, and this is the point.

Br,
supi007
« Last Edit: September 12, 2011, 22:09:27 by supi007 »
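
The three things this thread ended up checking by hand (inbound NAT target, matching WAN firewall rule, and the server's default gateway), as an added example that is not from any poster or from m0n0wall itself. Only 192.168.99.10 and port 3389 come from the posts; the LAN subnet, the firewall LAN address, the stale gateway and the rule dictionaries are constructed assumptions.

```python
import ipaddress

def wan_rule_passes(rule, nat):
    """True if a WAN pass rule covers the NAT rule's translated (internal) destination."""
    protos = rule["proto"].split("/")
    proto_ok = rule["proto"] == "*" or all(p in protos for p in nat["proto"].split("/"))
    dest_ok = rule["dest"] in ("*", nat["nat_ip"])
    port_ok = rule["dest_port"] in ("*", nat["int_port"])
    return proto_ok and dest_ok and port_ok

def check_port_forward(nat_rules, wan_rules, lan_cidr, fw_lan_ip, server_gateways):
    """Return findings for each inbound NAT rule; an empty list means consistent."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for nat in nat_rules:
        label = f'{nat["proto"]} {nat["ext_port"]} -> {nat["nat_ip"]}:{nat["int_port"]}'
        # 1. The NAT target has to be a host on the LAN behind the firewall.
        if ipaddress.ip_address(nat["nat_ip"]) not in lan:
            findings.append(f"{label}: NAT IP is outside {lan}")
        # 2. Inbound NAT alone is not enough: a WAN rule must pass the traffic.
        if not any(wan_rule_passes(r, nat) for r in wan_rules):
            findings.append(f"{label}: no WAN firewall rule passes this traffic")
        # 3. Replies must leave via the firewall, or the connection never completes.
        gateway = server_gateways.get(nat["nat_ip"])
        if gateway != fw_lan_ip:
            findings.append(
                f"{label}: server default gateway is {gateway}, expected {fw_lan_ip}")
    return findings

# Constructed sample data (assumed values, except 192.168.99.10 and 3389).
NAT_RULES = [{"proto": "TCP", "ext_port": 3389,
              "nat_ip": "192.168.99.10", "int_port": 3389}]
ANY_TO_ANY = [{"proto": "*", "dest": "*", "dest_port": "*"}]
LAN_CIDR, FW_LAN_IP = "192.168.99.0/24", "192.168.99.1"

if __name__ == "__main__":
    stale = {"192.168.99.10": "192.168.99.254"}  # gateway left from the old router
    for finding in check_port_forward(NAT_RULES, ANY_TO_ANY, LAN_CIDR, FW_LAN_IP, stale):
        print(finding)
```

A WAN rule limited to TCP/UDP, destination 192.168.99.10, port 3389 satisfies check 2 just as the any-to-any rule does, so the wildcard rule is not required for the forward to work.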
 