Discussion:
can't get m0n0wall to open port 80 other than to webGUI
Dave Penn
2007-02-17 20:32:52 UTC
Hi and thanks in advance for any help you can give me.

I have Comcast and have been running HTTP and FTP servers through a
Netgear router with no problem.

I heard great things about m0n0wall and decided to give it a go. I've
installed m0n0wall 1.23b3 on a generic pc's hard drive using a
two-interface system to keep things simple for initial configuration
purposes. I'm using Intel Pro/100 nics for both interfaces. The
LAN-to-WAN connection works great. Had to power-cycle the cable modem
to get a connection without spoofing one of my PC's MAC addresses, but
that fixed it. I have the webGUI set to work via https on port 443.

I have DHCP running on the LAN. Three machines, two of which are
servers I need to give access to from the WAN, are on static IP
assignments, outside of the DHCP address range.

I set up a NAT (inbound) HTTP assignment to my web server's LAN IP
address and let the webGUI create a corresponding firewall rule.
Everything else is configured as installed.

The problem is that monowall won't direct HTTP traffic to the NAT-ed LAN
host I've specified. If I enter either my WAN IP or domain name into a
browser, I get nothing. I can reset the webGUI to work on http (port
80), but then if I try to access my WAN IP or domain name, all I get is
the webGUI login prompt - not a connection to my web server, as I've
configured in the NAT and firewall rules. I've tried deleting all the
NAT and firewall entries and starting over, but to no avail. Also tried
blocking WAN access to m0n0wall's LAN IP address - that didn't work either.

Reading the logs shows no traffic either passed or blocked on port 80.

On the other hand, putting my cheapo Netgear router back in line
restores everything just as if I hadn't just wasted several hours on
another piece of underdeveloped open-source geekware. Maybe you get
what you pay for in this case as in most others.

I'd like to use m0n0wall and have time to work, drink, get laid, go
shopping, etc.

Can anyone help?

-Dave
Manuel Kasper
2007-02-17 21:22:37 UTC
Post by Dave Penn
The problem is that monowall won't direct HTTP traffic to the
NAT-ed LAN host I've specified. If I enter either my WAN IP or
domain name into a browser, I get nothing. I can reset the webGUI
http://doc.m0n0.ch/handbook/faq-lannat.html
Post by Dave Penn
restores everything just as if I hadn't just wasted several hours
on another piece of underdeveloped open-source geekware. Maybe you
get what you pay for in this case as in most others.
Thank you!

- Manuel
Chris Buechler
2007-02-17 21:50:52 UTC
Post by Dave Penn
restores everything just as if I hadn't just wasted several hours
on another piece of underdeveloped open-source geekware. Maybe you
get what you pay for in this case as in most others.
You're lucky to get a response at all, let alone from Manuel. Maybe if
you'd learn to read, you'd be better off. Or have the first clue about
how most real firewalls work - you can go say the same thing to Cisco,
Microsoft, and <insert most commercial firewall vendors here> because
most of them require split DNS or similar workarounds as outlined in
the FAQ.

Here's a clue - before you spend "several hours" screwing with any
application, commercial or open source, it's probably a good idea to
at least read the FAQ. And since you obviously don't have a clue about
working with real firewalls, you probably shouldn't spout out like
that on a firewall list because it's a good
forever-archived-on-Google way to make yourself look stupid.

-Chris
Chris Buechler
2007-02-18 06:20:09 UTC
You're wasting badly needed development time. Back to your code.
Thanks, you just proved my point.
I'm not a developer - just standing up for them, especially Manuel,
because they've put together a rock solid piece of software. I run a
lot of networks and a lot of different equipment and software and
m0n0wall is by far the most reliable thing I'm running anywhere,
commercial or open source, period. In 30+ different companies.

I don't know what "point" I proved, other than you being an ignorant
jackass with no manners.

Everybody else posting in this thread - good stuff, good stuff. ;)

-Chris
Michael Brown
2007-02-18 05:36:39 UTC
This m0n0wall handles a dozen websites, game servers, mail servers, and
fax servers. Tons of traffic shaping rules, PPTP, and IPSEC connections
to another company's networks. Runs on an old beat-up PC. The uptime says
it all for me.
Jason Collins
2007-02-18 03:47:02 UTC
Wow, what an unbelievable ingrate. Just want to say that it's shameful
to have such a piece of invective on the lists the same day Manuel is
trying to finalize the 1.2 branch. Manuel, this has been such a solid
piece of software for me and my clients. It has held up without failure
under environments where Cisco routers would lock after only a few
weeks. I must say that I can't imagine what we'd run our networks on if
not for M0n0wall. Thank you, thank you, thank you for your incredible
contribution to open source and IT as a whole, Manuel. Feel the love.

jason

YvesDM
2007-02-18 03:59:01 UTC
Post by Dave Penn
I hadn't just wasted several hours on
another piece of underdeveloped open-source geekware. Maybe you get
what you pay for in this case as in most others.
I'd like to use m0n0wall and have time to work, drink, get laid, go
shopping, etc.
Can anyone help?
Sure we can help you, the solution to your problem is explained right here!
http://homepage.mac.com/drewthaler/newbie-advice/iMovieTheater8.html
Jeremy Flaugh
2007-02-18 13:24:30 UTC
The picture says it all.

(((((((Well the picture will not fit through your mail server it was a
screen shot of the DNS forwarder page.))))))

Your web site should have been available from the outside during that port
forward; you do not need to change the port of the web GUI for this to work.

I use grc.com to double check my firewall from the outside after I make any
changes, just in case I turn it into Swiss cheese.

And ask a friend to check on your web site the next time you port forward
and test.

Manuel, thanks for putting together a great product; don't let anyone cut it
down.

Chris, you can add Microsoft ISA server to the list of firewalls that do not
let out/in traffic. I spoke to a Microsoft ISA engineer about this type of
behavior of a firewall and I was told it is not secure for a firewall to let
connections from an internal interface access services published on an
external interface. So m0n0 behaving this way makes me feel good about this
product, that it is secure and industry standard.



Thanks and welcome.

Jeremy Flaugh

Neil A. Hillard
2007-02-18 17:47:24 UTC
Hi,
Post by Jeremy Flaugh
Chris, you can add Microsoft ISA server to the list of firewalls that do not
let out/in traffic. I spoke to a Microsoft ISA engineer about this type of
behavior of a firewall and I was told it is not secure for a firewall to let
connections from an internal interface access services published on an
external interface. So m0n0 behaving this way makes me feel good about this
product, that it is secure and industry standard.
That's a bit of an oxymoron, isn't it - Microsoft firewall :-)

I can't really see what security has to do with it, though. If the
firewall has the ability to allow it and it is controllable then it is
up to the admin to enable or disable the option. m0n0wall doesn't have
the option so it's a bit of a moot point, though.

I run a filtered bridge as I have multiple IP addresses so I can use the
same IP address from inside and out. That way I get to make sure that
my external DNS is still working!

As others have mentioned - Manuel, you're doing a great job - m0n0wall
is a really great firewall and I certainly wouldn't have the same level
of configuration / features with other Open Source firewalls I've tried.

ATB,


Neil.
--
Neil A. Hillard E-Mail: ***@dana.org.uk
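
A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from any post or from m0n0wall itself: inbound NAT is applied only to packets arriving on the WAN interface, so a LAN client browsing to the WAN IP is never redirected to the web server. All addresses, the hostname and the function names are constructed; the LAN-side DNS override stands in for the split-DNS workaround mentioned above.

```python
from dataclasses import dataclass

# All addresses and names below are constructed for illustration.
WAN_IP = "203.0.113.10"      # firewall's public address
WEB_SERVER = "192.168.1.10"  # LAN web server behind inbound NAT
SITE = "www.example.com"

# Inbound NAT is keyed on the arrival interface: only packets that
# enter on WAN are redirected to the LAN host.
INBOUND_NAT = {("wan", 80): (WEB_SERVER, 80)}

# Split DNS: LAN clients get the server's LAN address for the same name.
LAN_DNS_OVERRIDES = {SITE: WEB_SERVER}


@dataclass(frozen=True)
class Packet:
    in_iface: str  # "wan" or "lan"
    dst_ip: str
    dst_port: int


def resolve(name: str, client_side: str, split_dns: bool) -> str:
    """Public DNS returns the WAN IP; a LAN-side override returns the LAN IP."""
    if split_dns and client_side == "lan":
        return LAN_DNS_OVERRIDES.get(name, WAN_IP)
    return WAN_IP


def firewall_handles(pkt: Packet, webgui_port: int) -> str:
    """What answers a packet addressed to the firewall's WAN IP."""
    if (pkt.in_iface, pkt.dst_port) in INBOUND_NAT:
        return "web server"   # redirected by the inbound NAT rule
    if pkt.in_iface == "lan" and pkt.dst_port == webgui_port:
        return "webGUI"       # the firewall's own service answers
    return "no answer"        # not redirected, nothing listening


def browse(client_side: str, webgui_port: int, split_dns: bool = False) -> str:
    """Who answers http://SITE/ for a client on the given side."""
    dst = resolve(SITE, client_side, split_dns)
    if dst == WEB_SERVER:
        return "web server"   # same subnet, never crosses the firewall
    return firewall_handles(Packet(client_side, dst, 80), webgui_port)


if __name__ == "__main__":
    for side, gui, split in [("lan", 443, False), ("lan", 80, False),
                             ("wan", 443, False), ("lan", 443, True)]:
        print(f"{side} client, webGUI:{gui}, split DNS={split} ->",
              browse(side, gui, split))
```

The first two cases reproduce the symptoms in the original post (nothing, then the webGUI login), while the same rule works for a client that really is outside.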
Mark Ryan
2007-02-18 16:58:14 UTC
Your problem is obvious. You are too stupid to run m0n0wall. Go try
another product. Also, be sure to insult the developer before you try it.

Mark