Dual-homed router setup

Murus
Snoopy81
Posts: 1
Joined: Sun Apr 30, 2017 3:28 pm

Dual-homed router setup

Post by Snoopy81 » Sun Apr 30, 2017 4:36 pm

Hi Hany and everyone,
first of all let me say thank you for developing such a nice tool. It made PF available to me and $35 for the Pro feel really well spent!

Your guideline for "Troubleshooting NAT Internet Sharing" worked well for me. My clients have good access to the internet and my inbound VPN is working. So basically, mission accomplished thanks to Murus ;)

However, it seems I have not really set everything up the right way (even though it works, mostly). Here's my infrastructure setup:

A) DSL Router; DHCP 192.168.0.0/24, 3 clients (all routers, too), ports 1701, 500 & 4500 forwarded to 192.168.0.10, other ports closed

B) Mac dual-homed router with OS X Server as Gateway, with Murus; WAN en0 (192.168.0.10), LAN en4 (DHCP 192.168.10.0/0)
Murus static NAT LAN en4 to WAN en0, "Share Internet connection" checked with group 192.168.10.0/24 allow "ALL SERVICES"

C) About 30 clients in 192.168.10.0/24 running with the Mac Server as gateway, DHCP, DNS etc. They all may have full outbound access to everything.

So far, so good. My questions:
I) In Logs Visualizer, I see "internal" devices on 192.168.10.0/24 appear as "Inbound Passed Connections". I understand "inbound" as traffic coming from WAN/en0 on B) and targeting everything on the Mac server or "beyond" in LAN 192.168.10.0/24. Is that correct? If not, how should I see it?

II) In the log I can only find 192.168.10.1 (Mac Server) having outbound connections. The connections probably stem mostly from clients like 192.168.10.41 but I never see those. What am I missing here and how can I make such traffic visible/logged?

III) Even though A) has only the VPN ports (see above) open, I find Chinese, US and Taiwanese hosts targeting ports like 88 on the "Inbound blocked connections" log list. I clearly have no routes for that on A), any idea how they can even end up on that list?

thank you so much for answering!
Snoopy81

hany
Posts: 485
Joined: Wed Dec 10, 2014 5:20 pm

Re: Dual-homed router setup

Post by hany » Fri May 12, 2017 12:43 pm

So far, so good. My questions:
I) In Logs Visualizer, I see "internal" devices on 192.168.10.0/24 appear as "Inbound Passed Connections". I understand "inbound" as traffic coming from WAN/en0 on B) and targeting everything on the Mac server or "beyond" in LAN 192.168.10.0/24. Is that correct? If not, how should I see it?
And here we are, someone must have asked this question sooner or later; it happened 'later'.
Think about your routing chain:

clients -> Murus LAN interface -> NAT -> Murus WAN interface -> ADSL router's LAN interface -> NAT -> ADSL router's WAN (with public IP).

So... think about Murus' "point of view":
Connections originating from clients and targeting remote (public) internet services are:
"outbound connections" from the clients' point of view
"inbound connections" from the router's LAN interface's point of view
"outbound connections" (with translated address) from the router's WAN interface point of view.

So... a connection can be both "inbound" and "outbound" according to the point of view.
A Mac running a dual-homed router with Murus will see clients' connections in TWO WAYS. The former is its LAN point of view, the latter its WAN point of view.

Tricky, isn't it?
II) In the log I can only find 192.168.10.1 (Mac Server) having outbound connections. The connections probably stem mostly from clients like 192.168.10.41 but I never see those. What am I missing here and how can I make such traffic visible/logged?
That's because for your Murus router this is INBOUND traffic, even if for your clients it is OUTBOUND.
III) Even though A) has only the VPN ports (see above) open, I find Chinese, US and Taiwanese hosts targeting ports like 88 on the "Inbound blocked connections" log list. I clearly have no routes for that on A), any idea how they can even end up on that list?
Not sure about this last statement. Can you please explain it to me?
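
The two-viewpoint explanation in questions I and II, written out as a pf ruleset. This is an added illustration for readers of the thread, not the ruleset Murus generates and not anything hany or Snoopy81 posted; the interface names (en0, en4) and subnets come from the thread, everything else (macro names, the `block log all` default, the `keep state` choices) is assumed.

```pf
# Added example pf.conf for the dual-homed Mac described in B). Not Murus' own
# ruleset; interface names and subnets are from the thread, the rest is assumed.
wan     = "en0"             # 192.168.0.10, faces the DSL router
lan     = "en4"             # 192.168.10.1, faces the ~30 clients
lan_net = "192.168.10.0/24"

set skip on lo0

# NAT: client packets leaving on en0 get their source rewritten to en0's address.
# After this point the original client IP (e.g. 192.168.10.41) is no longer visible.
nat on $wan from $lan_net to any -> ($wan)

# Default deny, logged, so unexpected traffic shows up under "Inbound blocked".
block log all

# A client's request to an internet host is seen TWICE by this machine:
#
# 1) arriving on the LAN interface -> direction "in".
#    This is the entry Logs Visualizer shows as "Inbound Passed", and it is the
#    only place the untranslated client address appears, so this is the rule
#    that needs "log" if you want to see 192.168.10.x clients (question II).
pass in  log on $lan from $lan_net to any keep state

# 2) leaving on the WAN interface -> direction "out", source already translated
#    to 192.168.0.10. From here on the log only ever shows the router's own
#    address, whether the packet came from a client or from the Mac itself.
pass out log on $wan from ($wan) to any keep state

# Reply traffic from the internet matches the state entries above and does not
# need its own rule; only unsolicited packets hit "block log all".
```

Usage note: Murus' Logs Visualizer reads the same pflog stream you can watch with `sudo tcpdump -n -e -ttt -i pflog0`; each line there carries the action, the direction and the interface (for example `pass in on en4` versus `pass out on en0`), which is exactly the "point of view" distinction above. If a rule is written without `log`, its matches never reach pflog, which is why clients can be invisible while the router's own NATed address shows up.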
