On Wed, 16 Mar 2005 08:25:10 -0600, Tarun Kundhi <tkundhi at inebraska dot com> wrote:

> I'm new here and trying to set up m0n0wall in my home office. The initial setup and configuration went smoothly but I can't find the documentation on FW rules configuration, particularly with regard to the DMZ zone. I assume this documentation probably exists and I'm not looking in the right place. I have read the quick start guide (http://m0n0.ch/wall/quickstart/) and Users guide (http://m0n0.ch/wall/documentation.php), but neither covers FW rules.
>

The example on this page might help (the fw rules portion).
http://m0n0.ch/wall/docbook/examples.html#id2598130

> I believe my goal is pretty straightforward. I have one dynamic public IP address from my ISP. There are 3 NICs in my m0n0wall box, configured as WAN, LAN (192.168.10.1/24) and DMZ (192.168.20.1/24). Basically I want all uninitiated requests from to go to the DMZ subnet. I also don't want any traffic going from the DMZ subnet to the LAN subnet. And I do want the LAN to be able to get to the outside world.
>

The allow DMZ to anything but LAN is covered in the link above.

I'm not sure what you mean by all uninitiated requests. Everything coming in from the internet? You'll want to use inbound NAT to specifically permit certain ports only (whatever you need). If you don't have a need for that inbound traffic, you should just let it drop at the WAN. But for example if you want to run a web server or mail server, then you'll want to open up the appropriate ports using inbound NAT. That'll be similar to the example I linked above.

Let us know if that helps.

-Chris
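
The policy discussed in this thread, as an added example that is not part of the original messages and is not m0n0wall's own code: a simplified first-match, default-deny model of per-interface rules using the LAN and DMZ subnets from the post. The web server address 192.168.20.10, the published port 80 and the sample connections are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")   # LAN subnet from the post
DMZ = ip_network("192.168.20.0/24")   # DMZ subnet from the post
ANY = ip_network("0.0.0.0/0")
WEB = ip_network("192.168.20.10/32")  # constructed DMZ web server address

# Per-interface rule lists: (action, source, destination, dest port or None).
# Modelled as first match wins, with an implicit block when nothing matches.
RULES = {
    "DMZ": [
        ("block", DMZ, LAN, None),    # DMZ must never reach the LAN
        ("pass",  DMZ, ANY, None),    # DMZ may reach everything else
    ],
    "LAN": [
        ("pass",  LAN, ANY, None),    # LAN may reach the outside world
    ],
    "WAN": [
        # Only the port published via inbound NAT; the destination is assumed
        # to be the internal address after translation.
        ("pass",  ANY, WEB, 80),
    ],
}

def decide(iface, src, dst, dport, rules=RULES):
    """Return 'pass' or 'block' for a new connection arriving on iface."""
    src, dst = ip_address(src), ip_address(dst)
    for action, s_net, d_net, port in rules[iface]:
        if src in s_net and dst in d_net and port in (None, dport):
            return action
    return "block"                    # default deny

# Constructed sample connections with the outcome the thread asks for.
CASES = [
    ("DMZ", "192.168.20.10", "192.168.10.5", 445, "block"),  # DMZ -> LAN
    ("DMZ", "192.168.20.10", "203.0.113.7", 53, "pass"),     # DMZ -> internet
    ("LAN", "192.168.10.5", "203.0.113.7", 443, "pass"),     # LAN -> internet
    ("WAN", "203.0.113.7", "192.168.20.10", 80, "pass"),     # published port
    ("WAN", "203.0.113.7", "192.168.20.10", 22, "block"),    # unpublished port
    ("WAN", "203.0.113.7", "192.168.10.5", 80, "block"),     # internet -> LAN
]

def audit(rules=RULES):
    """Return the sample connections whose outcome differs from the policy."""
    return [c for c in CASES if decide(*c[:4], rules=rules) != c[4]]

if __name__ == "__main__":
    print("policy violations:", audit())
```

Reversing the two DMZ rules makes the broad pass rule match first, and `audit()` then reports the DMZ to LAN connection as a violation, which is why the block rule has to sit above the pass rule.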