Comments

  • PS: I did run a packet dump, from the WG UI - Network/Diagnostic/Network/Network/TCP-IP Dump. On the DMZ segment, when I do a Ping (10.0.2.200 → 10.0.1.32) (see attached file) I don’t see any ping packets from DMZ getting through. I filed a support request.
    in DMZ pings Comment by guthrie July 2023
  • Many thanks. I think I'll try packet trace before asking for support.
    in DMZ pings Comment by guthrie July 2023
  • Thanks. They are both /24 I am not familiar with "application control" but it was on (Global) on one of the Ping policies, so I turned it off. Should I go through all policies and do that? I had forgotten about the Diagnostics - I can ping both sides (machines) from the FW.
    in DMZ pings Comment by guthrie July 2023
  • Thanks. But since they (Ta, Tb) respond to pings from other machines on the same Trusted segment, that did not seem to me to be the problem (?). Would/should the traffic monitor show something for the response coming back from the Trusted -> DMZ machine? So the trusted machines (Ta,Tb) respond to all pings on the same…
    in DMZ pings Comment by guthrie July 2023
  • Thanks; got it! I see how to add the policy. And does this also seem to imply that the Printer should have a static IP in the Trusted segment? (Currently DHCP.)
  • PS: what started all of this was that the Linux exim4 email program logs noted "Network unreachable", which is what made me suspect the WG firewall. Turns out that was not the cause, and the error message logged is just misleading - it was accessing the network, then failing.
  • Thanks. I do have a proxy on those.
  • I got it working on my Linux system - it was not a FW issue for it but sendmail configuration. However, I am still just using the default outgoing TCP-UDP policy; should I be changing to using a TCP-UDP proxy policy? Offhand it looked significantly more complex to set up. Thanks for the inputs and help.
  • I think it is not a WG issue - but a need to properly set up the external SMTP server. I changed the configuration, and it seems like now it is complaining about authentication - so I am getting through to it.
  • My DMZ setup is, I think, simple: I have one web server in the DMZ (which is the machine I am trying to set up Linux email on), and everything else including my main development machine on the Trusted segment. Trusted = 10.0.1.*, DMZ = 10.0.2.*. Web server is SNAT'ed static IP on the DMZ. All IP setup seems correct. I can ping…
  • @james.carson - I did try it and watch traffic logs but did not see anything denied, nor any apparent traffic. I tried filtering on the address of that SMTP server (from pings) and then only got a blank monitoring display, so perhaps something is not (yet) logging - although the tcp-udp policy is logging enabled, for…
  • @Bruce_Briggs - Thanks, I do see an enabled policy "outgoing" TCP-UDP from (any-trusted, any-optional) to any-external for any port (:0), so seems like that wouldn't be limiting it. I will check if it is logging, and try it again. I don't know what this means - "set the SMTP section of the TCP-UDP proxy action to Allow..."…
  • Thanks - I did not know what filter/policy to look for. Will check on the tcp-udp, and make sure logging is enabled.
  • Thanks, that is what I had inferred and found - so added the desired policies, and all is well.
  • Hmm, the way it worked was that on Windows I just share the folder; no network action needed, just permissions. Then on Linux I do a remote mount. So it would seem like the Linux (DMZ) mount would have to initiate a connection to the Windows (trusted) machine?
  • Many thanks, will try it!
  • Thanks, got it. I previously had a shared SMB file between my local main Windows machine and a Linux public web server, so I could easily trade and backup files. I would just mount the remote SMB file on Windows on the Linux machine. Now I have them on separated network segments, the Linux web server on a DMZ (optional)…
  • Is there any reference or tutorial for the specific rules to do this?
  • Thanks. I would think that all of this is a FAQ - I just have a simple setup with a SOHO and some DHCP systems, and want to access them by name. Sure seems simple to me! :-) Windows resolution covers 90% of what I want - I'll do a manual local HOSTS entry for now, think about playing with more later.
  • Thank you. However, if this reference is to a DHCP system, it seems like manual additions and updating would be troublesome as they can change. I could imagine some local script that would query the DHCP lease table on the WG and sync a local Windows hosts file - however one would have to install this on every Windows local…
  • Thanks for the comments and input. @TestingTester: perhaps I was too vague about "supporting DNS"; what I meant is that it seems that the WG will forward DNS queries to some other DNS server, but will not respond to queries itself. Their documentation seems to say that (previous quote), and also their customer support:…
  • Got it - just turned the switch on/off, it did a dhcp update, and I could lookup its IP in the WG DHCP lease table! Thanks.
  • Thanks - I did look there (DHCP list) and nothing with its MAC address or name (and the device does have a name set in it).
  • One more (!) - in the WG ARP table, I see a bunch of the old subnet addresses - 192.168.10.xx - but none of them in the DHCP lease list. Does this mean that they are not yet resetting to the new WG DHCP domain? I do see the HP switch (old) IP there, but with the wrong MAC address - ??
  • Hmm; one confusion - my top level local connection is through an HP switch. I know its previous 192.168.10.xx address, but it does not answer to that any longer, presumably because it is DHCP and now sits below the WG firewall, so would now have some new 10.0.1.xx address. I know its MAC address, and ran an IP scan but it…
  • Thanks; works fine. Greatly appreciated. :-)
  • Many thanks - I can't check right now - but will do and respond!!
  • Thanks, so I think I will have to change my subnet. Since everything is DHCP, I am surprised that all local devices did not automatically adjust to that already since the WG is at the default 10.0.1.xx subnet already. I can force some PCs to refresh DHCP and see if that works, but things like phones, TV, tablets, Echo…