 From:  sylikc <sylikc at gmail dot com>
 To:  sai <list at ebs dot net dot pk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] dmz setup not working
 Date:  Thu, 21 Oct 2004 11:08:07 -0700
sai,

> I have the following setup but must have missed something as we cannot
> connect to the 2 servers mentioned below. Anyone see anything missing?

What do you mean you can't "connect" the two servers?


> WAN 222.x.x.33/29
> LAN  192.168.0.1/24
> DMZ  10.1.0.1/24
> 
> Now I have a couple of servers on the DMZ.
> server1 : 10.1.0.2
> server2:  10.1.0.3
> 
> in Services > Proxy ARP,  I add 222.x.x.35  and 222.x.x.37  (these are 2
> spare Public IP addresses we have)
> in Firewall > NAT > Server NAT   I add  222.x.x.35  and 222.x.x.37
> in Firewall > NAT > Inbound  I have:
>          External IP :  222.x.x.35
>          Protocol : TCP/UDP
>          External port: 8xx1  (this is as requested by the supplier of the server)
>          Local port : 8xx1 (same as external port)
>          [checked] the box saying "Auto add rule"
> 
> and also
>          External IP :  222.x.x.37
>          Protocol : TCP/UDP
>          External port: 8xx2  (this is as requested by the supplier of the server)
>          Local port : 8xx2 (same as external port)
>          [checked] the box saying "Auto add rule"

Assuming "connecting" means accessing WAN resources, you don't seem to
have any Firewall rules that allow traffic out of the DMZ.  Those
ports specified only let traffic inbound... and only limited by those
ports, but you also need to add FW rules that permit TCP/UDP traffic
outbound from the DMZ.


/sylikc
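
The point made in the reply above, as a toy model added here (not part of the original message and not m0n0wall code): new connections are checked against the rules of the interface they arrive on, with no match meaning block, so the auto-added WAN rule admits inbound connections and their replies but does nothing for connections the DMZ servers start themselves. The client address, port 8001 (a stand-in for the elided "8xx1") and the DMZ-to-LAN block rule are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed placeholders: the post elides its public addresses and ports.
CLIENT = "198.51.100.7"   # some Internet host
SERVER1 = "10.1.0.2"      # server1, from the post
PORT = 8001               # stand-in for the elided "8xx1"

class Firewall:
    """Toy model: a new connection is checked against the rules of the
    interface it arrives on, first match wins, no match means block,
    and replies to a passed connection follow the recorded state."""

    def __init__(self):
        self.rules = {"WAN": [], "LAN": [], "DMZ": []}
        self.states = set()

    def add_rule(self, iface, action, src, dst, port=None):
        self.rules[iface].append((action, ip_network(src), ip_network(dst), port))

    def packet(self, iface, src, sport, dst, dport):
        s, d = ip_address(src), ip_address(dst)
        if (d, dport, s, sport) in self.states:      # reply to a passed flow
            return "pass"
        for action, src_net, dst_net, port in self.rules[iface]:
            if s in src_net and d in dst_net and port in (None, dport):
                if action == "pass":
                    self.states.add((s, sport, d, dport))
                return action
        return "block"                                # nothing matched

def firewall_from_post():
    fw = Firewall()
    # "Auto add rule" for the inbound NAT entry, modelled after translation:
    # WAN, any source -> server1 on the forwarded port.
    fw.add_rule("WAN", "pass", "0.0.0.0/0", SERVER1 + "/32", PORT)
    return fw

def add_dmz_outbound(fw):
    # Assumption: keep the DMZ away from the LAN, then let it reach the rest.
    fw.add_rule("DMZ", "block", "10.1.0.0/24", "192.168.0.0/24")
    fw.add_rule("DMZ", "pass", "10.1.0.0/24", "0.0.0.0/0")
    return fw
```

Ordering matters in `add_dmz_outbound`: with first match wins, the LAN block has to sit above the broad pass rule or the DMZ servers could open connections into 192.168.0.0/24.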