 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Tarun Kundhi <tkundhi at inebraska dot com>
 Cc:  m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] newbie FW and DMZ question
 Date:  Wed, 16 Mar 2005 13:44:44 -0500
On Wed, 16 Mar 2005 08:25:10 -0600, Tarun Kundhi <tkundhi at inebraska dot com> wrote:
> I'm new here and trying to set up m0n0wall in my home office. The initial setup and configuration
> went smoothly but I can't find the documentation on FW rules configuration, particularly with regard
> to the DMZ zone. I assume this documentation probably exists and I'm not looking in the right place. I
> have read the quick start guide (http://m0n0.ch/wall/quickstart/) and Users guide
> (http://m0n0.ch/wall/documentation.php), but neither covers FW rules.
> 

The example on this page might help (the fw rules portion).  
http://m0n0.ch/wall/docbook/examples.html#id2598130


> I believe my goal is pretty straightforward. I have one dynamic public IP address from my ISP.
> There are 3 NICs in my m0n0wall box, configured as WAN, LAN (192.168.10.1/24) and DMZ (192.168.20.1/24).
> Basically I want all uninitiated requests to go to the DMZ subnet. I also don't want any
> traffic going from the DMZ subnet to the LAN subnet. And I do want the LAN to be able to get to the
> outside world.
> 

Allowing DMZ to anything but LAN is covered in the link above.

I'm not sure what you mean by all uninitiated requests.  Everything
coming in from the internet?  You'll want to use inbound NAT to
specifically permit certain ports only (whatever you need).  If you
don't have a need for that inbound traffic, you should just let it
drop at the WAN.  But for example if you want to run a web server or
mail server, then you'll want to open up the appropriate ports using
inbound NAT.  That'll be similar to the example I linked above.  Let
us know if that helps.

-Chris
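The three points in Chris's reply (block DMZ-to-LAN before allowing DMZ-to-anything, drop everything else at the WAN, and open only the ports you need via inbound NAT) can be checked against a toy model of the ruleset. The following is an added example written for this archive page, not m0n0wall code or anything Chris posted: it is a minimal first-match packet filter in Python with the poster's two subnets. The WAN address 203.0.113.5, the DMZ web server 192.168.20.10 and all sample packets are made-up values chosen for the illustration. As in m0n0wall, rules are evaluated on the interface where the traffic enters, the first matching rule wins, and traffic that matches no rule is dropped.

```python
"""
Toy first-match packet filter modelling the three-interface layout in the
thread: WAN, LAN 192.168.10.0/24 and DMZ 192.168.20.0/24.

Added example, not m0n0wall code. The WAN address, the DMZ web server and
the sample packets below are constructed values for the demonstration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Any, Optional

LAN = ip_network("192.168.10.0/24")
DMZ = ip_network("192.168.20.0/24")
WAN_IP = ip_address("203.0.113.5")          # assumed public address (RFC 5737 range)
WEB_SERVER = ip_address("192.168.20.10")    # assumed web server living in the DMZ


@dataclass(frozen=True)
class Rule:
    iface: str               # interface the packet arrives on: "wan", "lan" or "dmz"
    action: str              # "pass" or "block"
    src: Any                 # ip_network, or "any"
    dst: Any                 # ip_network, or "any"
    dport: Optional[int] = None  # None means any destination port


# Inbound NAT (port forward): connections to WAN_IP:80 are sent to the DMZ web server.
PORT_FORWARDS = {(WAN_IP, 80): (WEB_SERVER, 80)}

RULES = [
    # WAN: only what the port forward needs is allowed in; everything else is dropped.
    Rule("wan", "pass", "any", ip_network("192.168.20.10/32"), 80),
    Rule("wan", "block", "any", "any"),
    # LAN: unrestricted outbound, the usual default LAN rule.
    Rule("lan", "pass", LAN, "any"),
    # DMZ: the block-to-LAN rule must come BEFORE the allow-anything rule.
    Rule("dmz", "block", DMZ, LAN),
    Rule("dmz", "pass", DMZ, "any"),
]

# Same rules with the two DMZ rules swapped, to show why the order matters.
MISORDERED = RULES[:3] + [RULES[4], RULES[3]]


def matches(rule, iface, src, dst, dport):
    """True if the packet described by the arguments hits this rule."""
    if rule.iface != iface:
        return False
    if rule.src != "any" and src not in rule.src:
        return False
    if rule.dst != "any" and dst not in rule.dst:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True


def evaluate(rules, iface, src, dst, dport):
    """Return (verdict, final destination address) for one packet.

    Inbound NAT is applied before filtering on the WAN side, so WAN rules
    are written against the translated (DMZ) destination. First match wins;
    no match at all means the packet is dropped.
    """
    src, dst = ip_address(src), ip_address(dst)
    if iface == "wan" and (dst, dport) in PORT_FORWARDS:
        dst, dport = PORT_FORWARDS[(dst, dport)]
    for rule in rules:
        if matches(rule, iface, src, dst, dport):
            return rule.action, str(dst)
    return "block", str(dst)  # default deny


if __name__ == "__main__":
    # Constructed sample traffic, one case per point in the reply.
    samples = [
        ("lan", "192.168.10.5", "198.51.100.1", 443),    # LAN to the outside world
        ("dmz", "192.168.20.10", "192.168.10.5", 445),   # DMZ host poking at the LAN
        ("dmz", "192.168.20.10", "198.51.100.1", 25),    # DMZ host sending mail out
        ("wan", "198.51.100.7", "203.0.113.5", 80),      # inbound web, port-forwarded
        ("wan", "198.51.100.7", "203.0.113.5", 22),      # inbound SSH, not forwarded
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, *pkt))
    print("misordered DMZ rules:", evaluate(MISORDERED, *samples[1]))
```

Running it shows the LAN packet and the DMZ mail packet passing, the DMZ-to-LAN packet blocked, the inbound port-80 packet passing with its destination rewritten to 192.168.20.10, and the inbound port-22 packet dropped by the WAN block rule. With the two DMZ rules swapped, the DMZ-to-LAN packet is allowed, which is the mistake the "block to LAN first" ordering in the linked example prevents.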