Ok,
I know that there have been a few posts regarding "Help, how do I MASQ my workstations behind the FW?" But I cannot get my additional networks MASQ'd outbound for the Internet.
This is the configuration of the FW:
ETH0 (PUBLIC) - x.x.x.140 SM 255.255.255.192 GW x.x.x.129
ETH1 (DMZ) - 172.16.11.1 SM 255.255.255.0
ETH2 (PRIVATE) - 172.16.10.2 SM 255.255.255.0
Now, I have a Cisco 2621 connected to ETH2 that connects two other seperate 192.168.0.0 networks. They are:
192.168.150.0/24
192.168.160.0/24
Both of these networks can see each other, and the router has the correct routes. I have statically entered in the routes back to these networks on the ASL FW. I can access the WebAdmin page remotely from 192.168.150.1. The only thing I cannot get working are internet bound services.
I just want to get HTTP access to start. I have added a MASQ entry to MASQ the following to ETH2 interface:
PRIVATE_INTERFACE
PRIVATE_NETWORK_192.168.0.0
PRIVATE_NETWORK_172.16.0.0
PRIVATE_NETWORK_10.0.0.0
I have also tried to remove all but the PRIVATE_NETWORK, and a Network Group called LA_CORP (which is defined with the 192.168.150.0/24 network address).
I then added filters in that allowed DNS and HTTP through. I see in the LiveFilterLog that the Public Interface is wanting to resolve DNS names to DNS Root servers, but the packets are getting dropped.
What the hell is going on? I have just moved from IPCop 0.1.1 to ASL, and I like the web interface more than IPCop, but so far I cannot get this working.
Any ideas?
Thanks,
Chris
This thread was automatically locked due to age.
