Firewall/NAT

Hi,

I am new here, but been using monowall since some time now.

My question/problem is the following:

I have a xdls modemrouter who dials in to provider (fixed ip 192.168.1.1) behind that, i have my monowall (fixed WAN 192.168.1.10, fixed LAN 192.168.6.1)

in the modemrouter, 192.168.1.10 is set as DMZ, also portforwarding is set to 192.168.1.10

In monowall, fortforwardings are set to 192.168.6.x

I can't get my portforwardings to work, and i don't have a clue where it may have gone wrong...

Happy to hear your thoughts!!

You say that you are connecting to your ISP via a private network address and they provide you a static WAN address also in a private network.

It is obvious that your ISP is doing NAT for you, but this does not mean that they have also opened and forwarded all ports to your private WAN address.

Prior to inserting m0n0wall into your setup, have you ever been able to successfully do any port forwarding using the ISP supplied equipment?

It's entirely possible that your connection is configured to allow only responses to your outgoing traffic back in, but not any unsolicited inbound traffic. Allowing the latter is a requirement to have ports exposed to the public internet.

I'm not exactly sure that i get what you are saying, but i can add the following info:

The modemrouter gets a public ip trough dhcp from the provider. (WAN side)
The modemrouter had a fixed ip (192.168.1.1) on the LAN side, that i configured myself.
The monowall has a static ip WAN side (192.168.1.10) end a static ip (192.168.6.1) LAN side.
All of my computers get a dhcp adress from the monowall in the 192.168.6.x range.

This setup previously worked with a different provider.

I was in the understanding that since i put 192.168.1.10 (wan monowall) in DMZ on the modemrouter, all traffic should be able to pass?

When i enter ports in http://canyouseeme.org/ i get a positive result.
The service that i need however isn't getting trough

Thanks for thinking with me!

Can you put the ISP provided modemrouter into bridging mode so that m0n0wall's WAN interface can get the public IP address via DHCP?

ISP's "helldesk" said it probably is possible, but they don't support it,.. i had to google it :s

we also have VOIP trough ISP's modem, so removing it is not an option

Not sure what to say now.

If you are convinced that configuring the ISP modem/router to place m0n0wall's WAN IP in a DMZ will work, then your m0n0wall NAT statements and firewall rules would be suspect. We haven't seen any of those yet.

Note that what you are referring to as modem/router DMZ has a meaning different from DMZ in m0n0wall.