M0n0wall blocks WAN to LAN traffic


Member: Maerliprinz


03.09.2012 at 11:47, 3658 views, 1 comment

Hello Community

My setup: m0n0wall on x86 with 4 NICs

fxp0 - OPT1 / OFF
fxp1 - WAN / 192.168.0.xxx/24 (DHCP from ISP, ISP = Fortigate FW)
fxp2 - OPT2 / OFF
fxp3 - LAN / 10.1.1.1/24

WAN Config:
IP: 192.168.0.25
GW: 192.168.0.1
DNS: 192.168.0.10 (DNS Server)

Client Config:
IP: 10.1.1.101
GW, DHCP, DNS: 10.1.1.1

What I can do from the client:
Ping: 10.1.1.1, 192.168.0.1, 192.168.0.10, 208.67.222.222, google.com (is resolved to 173.194.35.9)
Windows 7 shows Client - Network - Internet Connection as good and working.

What I can't:
Open any Internet Site, resolve any public DNS Name in Browsers (IE, Firefox)

What I did:
Created a rule to open any incoming traffic from the WAN interface (Protocol: *, Source: WAN Address, Port: *, Destination: *, Port: *)
Left the default rule LAN to any active
Removed the "Block private Networks" Rule

What I know:
In the Firewall Log it reports that Traffic from WAN like 173.194.35.31:80 to 10.1.1.101:54486 is blocked
The log fills up with 20-30 entries per minute if I try to connect to Google.
The browser can connect and gets stuck while waiting for data from the Internet site

What do I do wrong? Where is the mistake?

I already rebooted, reset, reinstalled the m0n0wall without any success :(


According to my understanding it should work, but the WAN to LAN traffic is somehow blocked.

Member: aqui
03.09.2012, updated at 13:31
Hi Maerliprinz
According to your IP addressing you use a customized IP addressing scheme and not the default. So we assume here you have a router in between the WAN port and the Internet and use 192.168.0.0/24 as a transfer network. Is that the case here?
This is an RFC 1918 private IP address, and if you have not modified the default FW rule in the WAN port settings (bottom), these RFC 1918 networks get blocked by default, which would block any Internet traffic back to the local LAN port.
In case you need private IP networks on the WAN port, make sure you uncheck the "Block private IP addresses" checkbox in the default setup on the WAN port. This is mandatory in case of RFC 1918 addresses on the WAN port!
See here a screenshot of how this is set up in the pfSense firewall, which is fully identical to Monowall (pfSense is a sister of Monowall and currently I have no Mono screenshots at hand)

[Screenshot]

Another important thing is the question of whether you use static or dynamic IP addressing on the WAN port.
In case it's static, you do not get a DNS server entry automatically and have to set it manually in the setup, otherwise there is no DNS resolution, as you can see with your client.
Here is another snapshot from the pfSense setup (Monowall is identical) under System -> General setup

[Screenshot]

So in a first step you have to take care of these settings to give basic Internet access to your clients! Most likely you forgot to set the DNS server as described, because pinging all the other addresses in the WAN network just works as you described.
Maybe you should reset the firewall to factory defaults, make these two settings (private network rule and DNS) as described, set the default gateway on the WAN port to .0.1 as well, and start from scratch. That should give you instant access from the client side to the Internet.

Getting access from the WAN port side to your client side is either a static NAT entry issue or a port forwarding one, because you have to override the built-in NAT firewall.
It depends a bit on what you would like to achieve with it. Maybe you should throw a bit more light onto this...
Before we dig deeper into this NAT setup, please tell us if the source address of stations trying to access clients in the 10.1.1.x network is from the 192.168.0.x network or from outside the WAN port network (Internet)?
If the latter is true, you need to customize firewall rules on the WAN port as well.
Maybe these 2 whitepapers and followup threads give some further help (unfortunately in German):
http://www.administrator.de/contentid/149915
http://www.administrator.de/contentid/91413
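
Added example, not part of the thread: a small Python check that applies the two settings discussed above (private-network blocking and DNS on a WAN port with RFC 1918 addressing) to the addresses from the question, and labels a blocked log entry as reply-like or unsolicited. The function names and the port-based heuristic are assumptions made for this illustration; the log tuple is constructed from the entry quoted in the question.

```python
import ipaddress

# RFC 1918 private ranges, i.e. what a WAN-side "Block private networks" option drops.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_wan(wan_ip, prefix, gateway, dns_servers, block_private):
    """Return a list of findings for a WAN interface configuration."""
    findings = []
    wan_net = ipaddress.ip_interface(f"{wan_ip}/{prefix}").network
    if is_rfc1918(wan_ip) and block_private:
        findings.append("WAN uses RFC 1918 addressing: uncheck 'Block private networks'")
    if ipaddress.ip_address(gateway) not in wan_net:
        findings.append("default gateway is outside the WAN subnet")
    if not dns_servers:
        findings.append("no DNS server set (needed with static WAN addressing)")
    return findings

def classify_blocked(src, dst, lan_net):
    """Heuristic (assumption): a packet from a well-known service port to a
    high port on a LAN host looks like a reply to a connection the client
    opened, not like a new inbound connection."""
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    to_lan = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(lan_net)
    if to_lan and int(src_port) < 1024 and int(dst_port) >= 1024:
        return "reply-like"
    return "unsolicited"

if __name__ == "__main__":
    # Addresses taken from the question; block_private=True models the default.
    for finding in check_wan("192.168.0.25", 24, "192.168.0.1",
                             ["192.168.0.10"], block_private=True):
        print("WAN:", finding)
    # Constructed from the log entry quoted in the question.
    print(classify_blocked("173.194.35.31:80", "10.1.1.101:54486", "10.1.1.0/24"))
```

A "reply-like" result means the blocked packets belong to sessions started from the LAN, so a pass rule for new inbound WAN connections is not what they are missing.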