I've got a server on a DMZ behind my m0n0wall box. Previously I used NAT
and port forwarding, however now I have enough public IPs for routers
and the server.
I've set up the boxes and the firewall...

pass in quick proto icmp from any to x.x.28.163 keep state group 200
pass in quick proto tcp from any to x.x.28.163 port = 80 keep state
pass in quick proto udp from any to x.x.28.160/29 port 33433 >< 33600 keep state group 200

x.x.28.162 is the firewall
x.x.28.163 is the server on the DMZ
The first rule allows for pinging the server.
The last rule allows traceroutes to pass from the WAN to the DMZ.
The second *should* allow HTTP access to the server but doesn't work.
Has anyone got an idea why this isn't working? I know there sometimes are
time delays accepting the bridge because of the ARP on the ISP router;
however, I can ping and traceroute to the server but not open TCP on 80.
Oh, and I can access out from the server, just not in!
mat at cyberfish dot org