 From:  Simon SZE-To <simonchs at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Migrate from SonicWALL to m0n0wall
 Date:  Mon, 13 Dec 2004 10:56:16 +0800
I've set up a test environment and attached a server with a public IP to
the DMZ port.
The following steps were done:

1) firewall rules on DMZ interface, allow all proto, any src/dest
address, any src/dest port.
after this, my DMZ server can go out to internet.

2) firewall rules on WAN interface, allow ICMP proto, any src address,
any src port, DMZ net dest address, any dest port.
after this, my DMZ server can be pinged from internet

3) firewall rules on WAN interface, allow TCP proto, any src address,
any src port, DMZ net dest address, any dest port.
but after this, my DMZ server cannot access web/ftp/etc... services
from the internet.

Is there something I have done incorrectly?

Thank you very much.




On Sun, 12 Dec 2004 03:52:50 -0500, Chris Buechler <cbuechler at gmail dot com> wrote:
> On Sun, 12 Dec 2004 16:10:06 +0800, Simon SZE-To <simonchs at gmail dot com> wrote:
> > Hello,
> >
> > Thanks for the reply.
> >
> > So, I should:
> > (1) System -> Advanced -> Enable filtering bridge
> > (2) Interfaces -> OPT1 -> Enable Optional 1 interface, Bridge with WAN
> > right?
> >
> 
> Correct.
> 
> 
> > And, what IP address and netmask should I use? (Do I need to spend
> > one more IP for my DMZ interface?)
> >
> 
> No, the DMZ interface does not get an IP.  That box will be grayed out
> when you select bridge.
> 
> Since you don't have a LAN interface set up, you'll have to open the
> webGUI on the WAN after initial configuration (see FAQ), and you will
> need to use the LAN interface to do the initial setup.  After that you
> can unplug it.
> 
> -Chris
>