Post by clayaiken on Apr 1, 2015 1:47:24 GMT
Hi guys,
Again I come to ask some of these silly questions. I like your idea: make a smaller and better firewall. I'm using version RC3.
I try to add port mapping firewall (home) rules. Example:
Firewall address https://192.168.1.1
Port 443 is mapped to https://192.168.1.1
Dynamic DNS test999.ddns.net # This is an example
I try to use test999.ddns.net for access in the office. I find it is normal at the start, and inaccessible after a while of use. I try to use the IP address obtained from ping test999.ddns.net to access again. When I come home, I find the log file records the office IP addresses all blocked. At the same time, when I was at home using an Android phone to download an app, it also appears in the log file's block records.
And so, I had to change back to m0n0 1.81 (m0n0 updates have been closed); I can only test smallwall on a virtual machine. If you have any questions, I will record it again and give feedback.
Can you also consider adding an OpenVPN client? I need it to connect to an OpenVPN VPS so that the Android, PC, netbook and others behind the firewall can access Gmail and Facebook. Thanks!
Post by clayaiken on Apr 1, 2015 2:33:09 GMT
Sorry, I try to stop logging m0n0 1.18 also found problems caused by firewall rules. I'm not ruling out a malfunction caused by my device; on this issue, I being the first disabled. Please only answer this: would you consider adding OpenVPN?
Post by Lee Sharp on Apr 1, 2015 3:16:22 GMT
Lots of stuff here... To start, there was no code changed between 1.8.1 and 1.8.2 that had anything to do with NAT. And I am also personally using it extensively, so it has been very well tested all along. Not saying that it could not happen, but it is likely something else. As to OpenVPN, yes, it would be nice. However, development is a finite resource. Right now I am looking at rolling out the release, and then there are a few things on the very short list. (adding VM drivers to the stock build, for one...) And a lot more things on the long and hard list. As with any project, priorities have to happen. When all we had was pptp (on m0n0wall) getting a good VPN solution was high priority. But with L2TP now working, adding another one is less of a priority. That said, I am always willing to accept help, and you can pick the itch you scratch.
Post by Lee Sharp on Apr 1, 2015 3:19:04 GMT
Back to the NAT above... You do not need NAT to get into the web GUI. Just open port 443 on the WAN interface, and you can connect to the web GUI. The http server binds to all IP addresses, and it is only blocked if you block it in the firewall. (Other than the anti-lockout rule on the LAN interface only)
Post by clayaiken on Apr 1, 2015 3:41:22 GMT
> Back to the NAT above... You do not need NAT to get into the web GUI. Just open port 443 on the WAN interface, and you can connect to the web GUI. The http server binds to all IP addresses, and it is only blocked if you block it in the firewall. (Other than the anti-lockout rule on the LAN interface only)
It has been good. I reinstalled smallwall and manually changed the other configuration.
Post by clayaiken on Apr 1, 2015 3:42:47 GMT
> Lots of stuff here... To start, there was no code changed between 1.8.1 and 1.8.2 that had anything to do with NAT. And I am also personally using it extensively, so it has been very well tested all along. Not saying that it could not happen, but it is likely something else. As to OpenVPN, yes, it would be nice. However, development is a finite resource. Right now I am looking at rolling out the release, and then there are a few things on the very short list. (adding VM drivers to the stock build, for one...) And a lot more things on the long and hard list. As with any project, priorities have to happen. When all we had was pptp (on m0n0wall) getting a good VPN solution was high priority. But with L2TP now working, adding another one is less of a priority. That said, I am always willing to accept help, and you can pick the itch you scratch.
PPTP is not stable on Debian Linux; is L2TP or another available? I have not tried it. I liked it because OpenVPN cryptographically
Post by clayaiken on Apr 1, 2015 6:15:35 GMT
When my reload was complete, I continued to test the firewall rule problem in the office. See, the following blocking occurs; why? I've done the forwarding, so why would this happen?
Post by Lee Sharp on Apr 1, 2015 14:37:45 GMT
OK, this is outbound blocking on LAN, so WAN rules have nothing to do with it. If you have the default LAN rule of allow everything, it is an odd result in the way FreeBSD handles out of order fragmented packets.
What are the rules you have set on LAN and WAN?
Post by clayaiken on Apr 2, 2015 1:15:50 GMT
> OK, this is outbound blocking on LAN, so WAN rules have nothing to do with it. If you have the default LAN rule of allow everything, it is an odd result in the way FreeBSD handles out of order fragmented packets. What are the rules you have set on LAN and WAN?
The WAN port 443 mapping is done; that was when I was trying to access the home smallwall from the office.
Post by Lee Sharp on Apr 2, 2015 1:45:52 GMT
192.168.1.1 is the firewall, right? Delete that NAT rule. You do not need to NAT as it is already bound to the WAN IP, and your NAT is what is breaking it. All you need is a WAN rule allowing inbound on 443 to the "WAN IP Address."