 From:  sai <list at ebs dot net dot pk>
 To:  sylikc <sylikc at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] dmz setup not working
 Date:  Fri, 22 Oct 2004 08:43:52 +0500
sylikc wrote:

>sai,
>
>>I have the following setup but must have missed something as we cannot
>>connect to the 2 servers mentioned below. Any one see anything missing?
>
>What do you mean you can't "connect" the two servers?
>
>>WAN 222.x.x.33/29
>>LAN  192.168.0.1/24
>>DMZ  10.1.0.1/24
>>
>>Now I have a couple of servers on the DMZ.
>>server1 : 10.1.0.2
>>server2:  10.1.0.3
>>
>>in Services > Proxy ARP,  I add 222.x.x.35  and 222.x.x.37  (these are 2
>>spare Public IP addresses we have)
>>in Firewall > NAT > Server NAT   I add  222.x.x.35  and 222.x.x.37
>>in Firewall > NAT > Inbound  I have:
>>         External IP :  222.x.x.35
>>         Protocol : TCP/UDP
>>         External port: 8xx1  (this is as requested by the supplier of
>>the server)
>>         Local port : 8xx1 (same as external port)
>>         [checked] the box saying "Auto add rule"
>>
>>and also
>>       External IP :  222.x.x.37
>>         Protocol : TCP/UDP
>>         External port: 8xx2  (this is as requested by the supplier of
>>the server)
>>         Local port : 8xx2 (same as external port)
>>         [checked] the box saying "Auto add rule"
>
>Assuming "connecting" means accessing WAN resources, you don't seem to
>have any Firewall rules that allow traffic out of the DMZ.  Those
>ports specified only let traffic inbound... and only limited by those
>ports, but you also need to add FW rules that permit TCP/UDP traffic
>outbound from the DMZ.
>
>
>/sylikc
>
I should have said I cannot connect from the Internet (i.e. WAN) to the 
servers. The supplier needs to connect to them to configure them.
Today I found that one server had the wrong gateway, so no connection was 
possible; fixed that. I can now connect from the WAN to server1.
Server2 was not accepting connections anyway (i.e. not even accepting 
connections from within the LAN), so it's not my problem at the moment!

Will the supplier be able to connect to server1 with this setup, or do I 
need to add more rules? I ask because I can connect (i.e. I get "connection 
established" using "telnet 222.x.x.35 8xx1"), but I get nothing on the 
screen. Not sure what sort of server is handling the other end.

Thanks, sylikc

sai
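The three outcomes this thread runs into (no answer because the server's reply took the wrong gateway, a completed handshake that shows nothing on the telnet screen, and a refused port) can be told apart from the client side. The probe below is an added example, not code from the thread or from m0n0wall; the loopback stub server and the ports it uses are constructed for local testing, and "open-silent" is the case where the service simply waits for the client to speak first.

```python
import socket
import threading

def probe(host, port, timeout=3.0):
    """Connect to host:port and classify what follows the TCP handshake:
    "timeout" (SYN unanswered: filtered, or the reply took the wrong gateway,
    the fault sai found on one server), "refused" (RST: host reachable, nothing
    listening), "open-silent" (connected, but the service waits for the client
    to speak first: telnet's "connection established" with a blank screen), or
    ("banner", b) when the service greets first with the bytes b."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(1024)
            except socket.timeout:
                return "open-silent"
            return ("banner", data) if data else "open-silent"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"

def start_stub_server(banner):
    """Constructed loopback stand-in for a DMZ service; returns its port.
    banner=None imitates server1: accept, then wait silently for the client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
            else:
                conn.settimeout(2.0)
                try:
                    conn.recv(1)
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():  # constructed: reserve, then release, a port so nothing listens on it
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

An "open-silent" result against the public address means Proxy ARP, Server NAT and the auto-added inbound rule are all passing the handshake; only a client that speaks the server's protocol can confirm the rest.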