----- Original Message -----
From: "Jesse Guardiani" <jesse at wingnet dot net>
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Re: Pinging DMZ from LAN ?
Date: Tue, 07 Dec 2004 10:30:21 -0500
> bad trip wrote:
> > hi,
> > i'm running m0n0wall 1.1 and i have the following config :
> > DMZ (opt1 : 192.168.101.0/24)
> > |
> > |
> > | 192.168.101.254
> > m0n0wall----------------INTERNET (WAN)
> > |192.168.0.254
> > |
> > |
> > LAN (LAN : 192.168.0.0/24)
> > I have a computer in DMZ which is 192.168.101.1
> > I have a computer in LAN which is 192.168.0.1
> > I would like to be able to telnet/ping the DMZ computer.
> > I added a static route:
> > - Interface : LAN
> > - Destination network : 192.168.0.0/24
> > - Gateway : 192.168.101.254
> > I have no ping reply from the dmz computer ...
> > The firewall rules on opt1 and LAN are set to let pass everything to
> > anywhere.
> > any idea on what's wrong ?
> First of all, that's not a true DMZ. True DMZs have public
> IPs. Are you performing 1:1 NAT to the DMZ interface?
thanks for your answer;
Yeah that's not a true DMZ. I just have one public IP on the WAN interface.
I'm not performing 1:1 NAT to the DMZ interface.
Yet, I'm just forwarding some external ports to the DMZ computer.
I assume the following hints you gave me are available if
I have a public IP on my DMZ, right ?
> You shouldn't need static routes for a true DMZ (with
> public IPs). Just turn on Advanced Outbound NAT with NO
> RULES for the DMZ interface. Add a LAN -> WAN outbound
> NAT rule, and a LAN -> DMZ outbound NAT rule. m0n0wall
> adds routing automatically.
> You'll also have to add filter rules stating that the LAN
> can access anything it wants using any protocol and
> any port range.
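An added example, not part of the original thread and not m0n0wall code: a sanity check for a static route against the firewall's interface addresses, run on the route and addresses quoted in the post. The function name, the interface table layout and the second sample route are assumptions made for illustration.

```python
import ipaddress

# Interface table built from the addresses given in the post
# (the "OPT1" key is this example's label for the opt1/DMZ interface).
INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.0.254/24"),
    "OPT1": ipaddress.ip_interface("192.168.101.254/24"),
}


def check_static_route(iface, destination, gateway, interfaces=INTERFACES):
    """Return a list of problems with a static route (empty list = plausible)."""
    problems = []
    dest = ipaddress.ip_network(destination)
    gw = ipaddress.ip_address(gateway)

    # A destination inside a directly connected subnet is already routed
    # by the firewall, so a static route for it is redundant.
    for name, addr in interfaces.items():
        if dest.overlaps(addr.network):
            problems.append(f"destination {dest} is directly connected on {name}")

    # The next hop has to be reachable on the interface the route is bound to.
    bound = interfaces[iface].network
    if gw not in bound:
        problems.append(f"gateway {gw} is not inside {iface} subnet {bound}")

    # The next hop has to be another router, not one of the firewall's own IPs.
    for name, addr in interfaces.items():
        if gw == addr.ip:
            problems.append(f"gateway {gw} is the firewall's own {name} address")

    return problems


if __name__ == "__main__":
    # The static route exactly as described in the post.
    for problem in check_static_route("LAN", "192.168.0.0/24", "192.168.101.254"):
        print("problem:", problem)
    # Constructed example: a remote network behind a router sitting in the DMZ.
    print(check_static_route("OPT1", "10.20.0.0/16", "192.168.101.1"))
```

With both subnets attached directly to the firewall, LAN-to-DMZ reachability is decided by the filter and NAT rules discussed in the thread, not by static routes.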