[ previous ] [ next ] [ threads ]
 From:  Jim McBeath <jimmc at macrovision dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Can't ping DMZ from m0n0wall
 Date:  Fri, 31 Oct 2003 11:41:33 -0800
I am running m0n0wall on a Soekris net4501 with sis0=LAN, sis1=DMZ and
sis2=WAN.  There are two other machines on the DMZ subnet.  I can ping
those machines from a machine on the LAN, but I can not ping them from
the Soekris.  The ping output from m0n0wall says:

  ping: sendto: No route to host

I am wondering if the firewall rules are set up not to allow this for
the optional DMZ interface.  I can see "pass out" rules for sis2 (WAN)
and sis0 (LAN) for icmp, but none for sis1 (DMZ), so it looks to me like
it falls through to the "block out any" rule.

If this is what is preventing the ping from going out, would that same
kind of problem also prevent incoming NAT to the DMZ from working?