I *believe* that my problem is a routing issue and not a filters issue.
I have a /25 network. I've set aside a /29 of it as a DMZ.
I can reach the outside world from the DMZ (as allowed by rules), and I
can reach the LAN from the DMZ (as allowed by some rules). I can reach
the DMZ from the LAN (as allowed by some temporary testing rules). I
cannot reach the DMZ from the WAN, even though I've opened up rules.
I do not think that I have a problem with rules for two reasons.
Nothing is being logged as being blocked by any rules. Also traceroute
and lft (level four traceroute) all stop before I reach the m0n0wall.
xxx.xxx.xxx.1 is the ISP provided router (a cisco 1721) and
xxx.xxx.xxx.2 is the WAN of the m0n0wall. The LAN side of the m0n0wall
is 192.168.2.254. The DMZ of the m0n0 is xxx.xxx.xxx.8/29.
I have a machine set up at xxx.xxx.xxx.9 using .8 as its default
router. Again, it can reach both WAN and LAN, and LAN can reach it,
but WAN can't reach it. A traceroute from the WAN gets only as far as
the Cisco 1721. Nothing reaches the m0n0wall. Is my problem that I've
made the DMZ a subnet of my net? Should I make it a private network?
Any other ideas? I'm grasping at straws.
Jeffrey Goldberg http://www.goldmark.org/jeff/
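As an added illustration (not part of Jeffrey's post, and not m0n0wall or Cisco code), the following simulates the forwarding decision the ISP router makes for a DMZ address using longest-prefix match. The post's masked prefix xxx.xxx.xxx.0/25 is replaced with the documentation range 203.0.113.0/25, an assumed placeholder; the .1, .2, .8/29 and .9 addresses follow the layout the post describes. A router that only has the /25 as a connected network treats every address in it, including the /29, as on-link and resolves it by ARP on its own interface, whereas a more-specific /29 route pointing at the firewall's WAN address wins the lookup and causes the packet to be forwarded.

```python
import ipaddress

# Constructed stand-ins for the post's masked addresses (203.0.113.0/24 is a
# documentation range; the real prefix is not given in the post).
SITE = ipaddress.ip_network("203.0.113.0/25")      # the whole /25
DMZ = ipaddress.ip_network("203.0.113.8/29")       # the /29 carved out as DMZ
ISP_ROUTER = ipaddress.ip_address("203.0.113.1")   # Cisco 1721, .1
FIREWALL_WAN = ipaddress.ip_address("203.0.113.2") # m0n0wall WAN, .2
DMZ_HOST = ipaddress.ip_address("203.0.113.9")     # test machine in the DMZ

# A routing table is a list of (network, next_hop) tuples. next_hop None
# means "directly connected": the router ARPs for the destination itself.
ISP_CONNECTED_ONLY = [
    (SITE, None),
]
ISP_WITH_STATIC = [
    (SITE, None),
    (DMZ, FIREWALL_WAN),  # hypothetical more-specific route via the firewall
]


def lookup(table, dst):
    """Longest-prefix match: return the most specific (network, next_hop)
    entry covering dst, or None when no entry matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def forwarding_decision(table, dst):
    """Classify what the router does with a packet for dst:
    ("no-route", None), ("on-link", connected_network) meaning it will ARP
    for dst on that interface, or ("forward", next_hop_address)."""
    match = lookup(table, dst)
    if match is None:
        return ("no-route", None)
    net, next_hop = match
    if next_hop is None:
        return ("on-link", net)
    return ("forward", next_hop)


def dmz_addresses_seen_as_on_link(table, dmz):
    """Return the DMZ host addresses that the router would try to reach by
    ARP on its own segment instead of forwarding to the firewall."""
    return [a for a in dmz.hosts() if forwarding_decision(table, a)[0] == "on-link"]


if __name__ == "__main__":
    print("DMZ is a subnet of the site /25:", DMZ.subnet_of(SITE))
    for name, table in (("connected only", ISP_CONNECTED_ONLY),
                        ("with /29 static", ISP_WITH_STATIC)):
        print(f"{name:17} -> {forwarding_decision(table, DMZ_HOST)}")
        stranded = dmz_addresses_seen_as_on_link(table, DMZ)
        print(f"{'':17}    DMZ hosts resolved on-link: {len(stranded)}")
```

Run as a script it prints the two decisions side by side; the difference between them is exactly the distinction the post is probing between a filter problem (packets arrive and are dropped) and a routing problem (packets never reach the firewall's WAN interface at all).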