
New setup, DNS and routing issues

Hello All - sorry if these are relatively newb questions.

I just migrated away from SmoothWall to Astaro V8.301. I have pretty much everything working as I had before with my SmoothWall setup. However, I'm running into some issues that I can't sort out because ASG is much more capable. My setup is a relatively complex home setup:

- Five Static IP addresses assigned to me (a /29 network).
- Four of those Static IP addresses have Linux machines directly on them. Those are being protected by the built-in firewalls. Three of these are dual homed (i.e. one NIC on the public internet and one NIC on my internal network). This was a much simpler thing to do with SmoothWall than to try to have everything behind a single firewall and route accordingly. The Linux servers are my mail server and web servers (I host a few sites for friends and family). - (Call these PubHosts)
- One of those IPs is connected to the ASG. All of my home machines (laptops, desktops, TVs, etc.) are behind this IP. This is also the IP that's used to set up the SSL VPN. (call it the HomeNet).

Here's what works:

- My HomeNet machines can all communicate to the world without any problem. They can also communicate to each other.
- DHCP is working fine for devices that don't have a static IP or static DHCP assignment.
- Static DHCP assignment is working fine.
- SSL VPN is working and I can connect to HomeNet via TunnelBlick on my Macs.
- PubNet machines still connect to the internet fine (I can hit the mail/web services on them from outside my network just fine.)
- DNAT is working for my RDP server and one internal test web server both of which are on HomeNet.

Here's what's broken and I can't figure out how to fix:

- HomeNet machines can't resolve short names (i.e. "ping bud" doesn't resolve, but "ping bud.domain.com" does work).
- HomeNet machines can ping/ssh to the PubHosts, but cannot get HTTP traffic to work. HTTPS traffic seems to work fine. (i.e. "ssh server.domain.com" and "ping server.domain.com" works, "telnet server.domain.com 80" does not work)
- SSL VPN'd machines aren't getting any DNS services from ASG. I have to use /etc/hosts to resolve IPs. Once resolved, I can flow traffic fine.


I'm pretty sure that I'm not getting something simple here and that there's room for improvement (i.e. I'm planning on moving all of the PubNet hosts behind ASG at some point).

What did I do wrong? What logs/screenshots can I share that will help?

Thanks!
