News: This forum is now permanently frozen.
Topic: Connecting to website with external IP  (Read 2871 times)
« on: June 19, 2007, 20:43:48 »
blindphaze *
Posts: 1

There is a website that is hosted behind the firewall, using NAT.
When I try to access this website by typing in the domain name or the external IP, it will give me the login for the GUI for monowall.

To clear something up, if someone else types in the domain name from a different location not behind the firewall they will get to the site just fine.

Is there anything to do to fix this so it doesn't do that anymore?
« Reply #1 on: June 20, 2007, 10:19:10 »
markb ****
Posts: 331

I believe that the inbound NAT only forwards traffic arriving on the WAN interface.  If you are accessing it from the LAN you will hit the LAN interface.
« Reply #2 on: June 21, 2007, 04:21:06 »
cmb *****
Posts: 851

http://doc.m0n0.ch/handbook/faq-lannat.html
« Reply #3 on: August 06, 2007, 18:58:07 »
madcow72 *
Posts: 2

cmb, thanks for the link to that faq!  I've run into this problem and was trying to find a way around it so that all users on our LAN can access our website.  Under Services -> DNS Forwarder, I tried to create a rule that would resolve our website name to the internal server IP - but this hasn't fixed the issue.  I still just get the login window for the m0n0wall.

Has anybody got this to work?  Any tips or pointers on how to correctly set this up, as it's entirely possible I'm doing something stupid?

Thanks!
« Reply #4 on: September 25, 2007, 11:50:22 »
astaro *
Posts: 8

On your DNS forwarder, have you created one duplicate to m0n0wall or not?
« Reply #5 on: September 26, 2007, 10:03:35 »
markb ****
Posts: 331

Basic question, but I have to ask it.

What IP address do you get when you ping the box?  You may need to flush the local DNS cache.
« Reply #6 on: October 08, 2007, 01:35:48 »
madcow72 *
Posts: 2

Hey guys, thanks for the responses!  I just now re-checked this forum, so sorry for the delay.

astaro, if I understand you correctly, I should have one rule under DNS Forwarding that directs traffic toward the m0n0wall, and another that points toward our webserver?  I kinda tried this with the following (192.168.3.254 = m0n0wall, 192.168.3.3 = webserver.)

      Domain name              IP
1)  (ourdomainname.com)      192.168.3.3
2)  monowall.org             192.168.3.254

I still hit the login for the m0n0wall when I try to reach our website, however.

markb, when I ping the m0n0wall, I get the response from its IP, (same with our server internal IP.)  However, when I ping by our domain name, the proper external IP address shows up in the outgoing, but there's no response.  Any ideas?  How does one flush the DNS cache?  To be honest, I'm new to a lot of this just trying to make my way around!  I really appreciate any suggestions.
« Reply #7 on: October 08, 2007, 10:22:33 »
markb ****
Posts: 331

Basically, assuming that your DNS is hosted externally, as your local machines on the LAN use the mono box for their DNS lookup, you need to add an entry in the DNS on the monowall using the same FQDN (Fully Qualified Domain Name) i.e. host name and domain e.g. www.somedomain.com where www is the host name and somedomain.com is the domain name.

For example: the WAN port of your mono has IP 193.58.133.232.  You set up an external DNS entry, either Dynamic DNS if you have a dynamic address or through the management of your domain name, to point www.somedomain.com to 192.58.133.232.  Your web server sits on your local network as 192.168.3.3.  You add an inbound NAT for destination port 80 from all destinations to forward to 192.168.3.3 port 80 and let it create the rule for you.  Now external clients can see your web server.  However, due to the problems previously mentioned, you still cannot see the web server by FQDN as it resolves to the external IP of your mono box.  This is because the mono box does not have its own entry for this FQDN and resolves it externally.  You therefore add an entry in the DNS forwarder for the FQDN of the web server, i.e. www.somedomain.com, and point it to 192.168.3.3.

With regards to flushing DNS, when your PC looks up a site, it caches the IP address and doesn't look it up on the DNS server.  This means that when you modify a DNS entry it doesn't show up straight away.  To work round this, you need to flush the local DNS cache.  To do this on a Windows PC, go to the run command and type "ipconfig /flushdns" without the quotes.

Hope you managed to follow this.
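
Added example, not part of any post in this thread: a small Python check a LAN client can run to see whether a name resolves to the web server's internal address or still to the firewall's WAN address, plus a constructed model of the lookup path showing that an override for the bare domain does not cover the www FQDN. The exact-match behaviour of the modelled forwarder, the name example.com and the address 203.0.113.10 are assumptions of this sketch; 192.168.3.3 is the server address used in the thread.

```python
import socket

def system_resolve(name):
    """Ask the OS resolver, i.e. what a browser on this PC would get (cache included)."""
    infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_split_dns(fqdn, server_lan_ip, wan_ip, resolve=system_resolve):
    """Return (status, addresses) for fqdn as seen from a LAN client.

    internal   -> override works, traffic goes straight to the web server
    wan        -> name still resolves to the firewall's WAN address
    other      -> resolves to something unexpected (stale cache, wrong entry)
    unresolved -> no answer at all
    """
    try:
        addrs = resolve(fqdn)
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved", []
    if server_lan_ip in addrs:
        return "internal", addrs
    if wan_ip in addrs:
        return "wan", addrs
    return "other", addrs

def make_lan_resolver(overrides, external):
    """Constructed stand-in for the LAN DNS path: forwarder overrides first
    (exact FQDN match, an assumption of this model), then external DNS."""
    def resolve(name):
        key = name.rstrip(".").lower()
        for table in (overrides, external):
            if key in table:
                return [table[key]]
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return resolve

# Constructed sample data: 192.168.3.3 is the web server address used in the
# thread; 203.0.113.10 and example.com are placeholders.
SERVER, WAN = "192.168.3.3", "203.0.113.10"
EXTERNAL = {"example.com": WAN, "www.example.com": WAN}

if __name__ == "__main__":
    lan = make_lan_resolver({"example.com": SERVER}, EXTERNAL)
    for name in ("example.com", "www.example.com"):
        print(name, check_split_dns(name, SERVER, WAN, resolve=lan))
```

On a real LAN, call `check_split_dns` with the default resolver after flushing the local DNS cache; a `wan` result for the name typed into the browser means the override entry does not match that FQDN.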
 