----- Original Message -----
From: "Jesse Guardiani" <jesse at wingnet dot net>
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Re: Pinging DMZ from LAN ?
Date: Tue, 07 Dec 2004 10:30:21 -0500

> bad trip wrote:
>
> > hi,
> >
> > i'm running m0n0wall 1.1 and i have the following config :
> >
> >
> > DMZ (opt1 : 192.168.101.0/24)
> >       |
> >       |
> >       | 192.168.101.254
> >   m0n0wall----------------INTERNET (WAN)
> >       |192.168.0.254
> >       |
> >       |
> > LAN (LAN : 192.168.0.0/24)
> >
> > I have a computer in DMZ which is 192.168.101.1
> > I have a computer in LAN which is 192.168.0.1
> > i would like to be able to telnet/ping the DMZ computer.
> > I added a static route :
> > - Interface : LAN
> > - Destination network : 192.168.0.0/24
> > - Gateway : 192.168.101.254
> >
> > I have no ping reply from the dmz computer ...
> > The firewall rules on opt1 and LAN are set to let pass everything to
> > anywhere.
> >
> > any idea on what's wrong ?
>
> First of all, that's not a true DMZ. True DMZs have public
> IPs. Are you performing 1:1 NAT to the DMZ interface?
>

thanks for your answer;
Yeah that's not a true DMZ. I just have one public IP on the WAN interface.
I'm not performing 1:1 NAT to the DMZ interface. Yet, i'm just forwarding some external ports to the DMZ computer.
I assume the following hints you gave me are available if I have a public IP on my DMZ, right ?

> You shouldn't need static routes for a true DMZ (with
> public IPs). Just turn on Advanced Outbound NAT with NO
> RULES for the DMZ interface. Add a LAN -> WAN outbound
> NAT rule, and a LAN -> DMZ outbound NAT rule. m0n0wall
> adds routing automatically.
>
> You'll also have to add filter rules stating that the LAN
> can access anything it wants using any protocol and
> any port range.
>