[ previous ] [ next ] [ threads ]
 
 From:  "Allan Mogensen" <allan at 1966 dot dk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  DMZ and public ip problem
 Date:  Fri, 11 Mar 2005 11:27:31 +0100
Looking for a replacement of my existing fw, m0n0 has come to my attention, 
looks like just the fw i need :-)

However i cannot figure out the way to configure the DMZ with public ip's on 
the m0n0 FW..

My current ip setup:
WAN: 80.132.160.246 (Static IP from ISP)
GW: 80.132.160.245

DMZ: 83.90.91.240/28 (assigned from ISP) - i'm not 100% sure, but my guess 
is that the ISP routes all traffic to my static IP..

LAN: 192.168.1.0/24

In my current firewall the DMZ setup is configured like this:
DMZ I/F in firewall: 83.90.91.241 (which is also default gateway for DMZ 
machines)

I have replicated this setup to M0n0:
DMZ I/F IP: 83.90.91.240/28
By browsing the doc's i found that i need to Enable Advanced Outbound NAT in 
order to disable NAT for the DMZ

Nothing is changed on the DMZ machines, default gateway is still 
83.90.91.241

My problem is that there is no access from the DMZ machines to the internet.
In the DMZ firewall rules i have allowed access to *.* from all DMZ 
machines.
In the WAN firewall rules i have allowed traffic to the DMZ machines, to 
specific
services, i.e. mail, http etc.
In fact i have'nt checked if there are any inbound access to these services, 
using this setup, since the outbound acceess from DMZ is not working.

My LAN setup works fine... and i am able to ping the DMZ default GW IP from 
the LAN, but nothing else (related to the DMZ :-)

Any suggestions would be great...