 From:  Mat Johns <mbj202 at ecs dot soton dot ac dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Bridged OPT1 on Beta1.2b3
 Date:  Mon, 13 Dec 2004 02:29:11 +0000
Hi,

I've got a server on a DMZ behind my m0n0wall box. Previously I used NAT 
and port forwarding; however, now I have enough public IPs for routers 
and the server.

I've set up the boxes and the firewall...

pass in quick proto icmp from any to x.x.28.163 keep state group 200
pass in quick proto tcp from any to x.x.28.163 port = 80 keep state group 200
pass in quick proto udp from any to x.x.28.160/29 port 33433 >< 33600 keep state group 200

x.x.28.162 is the firewall
x.x.28.163 is the server on the DMZ

The first rule allows for pinging the server.
The last rule allows traceroutes to pass from the WAN to the DMZ.
The second *should* allow HTTP access to the server but doesn't work.

Has anyone got an idea why this isn't working? I know there are sometimes time 
delays accepting the bridge because of the ARP on the ISP router; however, I 
can ping and traceroute to the server but not open TCP on 80. Oh, and I 
can access out from the server, just not in!

Regards
~Mat Johns
mat at cyberfish dot org