 From:  "Tarun Kundhi" <tkundhi at inebraska dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] newbie FW and DMZ question
 Date:  Wed, 16 Mar 2005 19:59:38 -0600
Chris & Don,

The information was helpful.

Thanks,

t.


----- Original Message ----- 
From: "Chris Buechler" <cbuechler at gmail dot com>
To: "Tarun Kundhi" <tkundhi at inebraska dot com>
Cc: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, March 16, 2005 12:44 PM
Subject: Re: [m0n0wall] newbie FW and DMZ question


> On Wed, 16 Mar 2005 08:25:10 -0600, Tarun Kundhi <tkundhi at inebraska dot com> 
> wrote:
>> I'm new here and trying to set up m0n0wall in my home office. The initial 
>> setup and configuration went smoothly but I can't find the documentation 
>> on FW rules configuration, particularly with regard to the DMZ zone. I assume 
>> this documentation probably exists and I'm not looking in the right 
>> place. I have read the quick start guide 
>> (http://m0n0.ch/wall/quickstart/) and User's guide 
>> (http://m0n0.ch/wall/documentation.php), but neither covers FW rules.
>>
>
> The example on this page might help (the fw rules portion).
> http://m0n0.ch/wall/docbook/examples.html#id2598130
>
>
>> I believe my goal is pretty straightforward. I have one dynamic public 
>> IP address from my ISP. There are 3 NICs in my m0n0wall box, configured as 
>> WAN, LAN (192.168.10.1/24) and DMZ (192.168.20.1/24). Basically I want 
>> all uninitiated requests to go to the DMZ subnet. I also don't want 
>> any traffic going from the DMZ subnet to the LAN subnet. And I do want 
>> the LAN to be able to get to the outside world.
>>
>
> The allow DMZ to anything but LAN is covered in the link above.
>
> I'm not sure what you mean by all uninitiated requests.  Everything
> coming in from the internet?  You'll want to use inbound NAT to
> specifically permit certain ports only (whatever you need).  If you
> don't have a need for that inbound traffic, you should just let it
> drop at the WAN.  But for example if you want to run a web server or
> mail server, then you'll want to open up the appropriate ports using
> inbound NAT.  That'll be similar to the example I linked above.  Let
> us know if that helps.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
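The policy Chris describes (LAN out to anywhere, DMZ to anything except LAN, and from the WAN only the port an inbound NAT entry opens) is worked through below as an added example; it is not code from this thread or from the m0n0wall project. It models the rules as a first-match list evaluated on the interface where traffic enters, which is how m0n0wall's rule table is read, and uses the LAN/DMZ subnets from the question. The interface names, the rule and packet structures, and the sample web-server address 192.168.20.10 and the public test addresses are assumptions constructed for the example. Its main point is one a newcomer usually trips over: the "block DMZ to LAN" rule must sit above the "pass DMZ to any" rule, or it never fires.

```python
# Added example: a minimal first-match firewall rule evaluator for the
# three-interface (WAN / LAN / DMZ) policy discussed in the thread.
# Not m0n0wall code; rule syntax and interface names are illustrative.
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for a network or a port


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    iface: str             # interface the packet arrives on
    src: Optional[str]     # source network in CIDR, or ANY
    dst: Optional[str]     # destination network in CIDR, or ANY
    dport: Optional[int]   # destination TCP port, or ANY
    note: str = ""


@dataclass(frozen=True)
class Packet:
    iface: str
    src: str
    dst: str
    dport: int


LAN = "192.168.10.0/24"            # from the question
DMZ = "192.168.20.0/24"            # from the question
WEB_SERVER = "192.168.20.10/32"    # constructed sample host in the DMZ


def _in_net(addr: str, net: Optional[str]) -> bool:
    return net is ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.iface
            and _in_net(pkt.src, rule.src)
            and _in_net(pkt.dst, rule.dst)
            and (rule.dport is ANY or rule.dport == pkt.dport))


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; no match falls through to the default deny."""
    for r in rules:
        if matches(r, pkt):
            return r.action
    return "block"


# The policy from the thread. Order matters: the DMZ->LAN block must come
# before the DMZ->any pass, otherwise the pass rule matches first.
RULES = [
    Rule("pass",  "LAN", LAN, ANY, ANY, "LAN to anywhere"),
    Rule("block", "DMZ", DMZ, LAN, ANY, "DMZ must not reach LAN"),
    Rule("pass",  "DMZ", DMZ, ANY, ANY, "DMZ to anything else"),
    Rule("pass",  "WAN", ANY, WEB_SERVER, 80, "inbound NAT target: web server only"),
]


def policy_holds(rules) -> bool:
    """True if the ruleset enforces every requirement stated in the thread.
    Packets are constructed test cases; 203.0.113.7 / 198.51.100.9 are
    documentation addresses standing in for internet hosts."""
    checks = [
        (Packet("LAN", "192.168.10.5", "203.0.113.7", 443), "pass"),    # LAN out
        (Packet("DMZ", "192.168.20.10", "203.0.113.7", 25), "pass"),    # DMZ out
        (Packet("DMZ", "192.168.20.10", "192.168.10.5", 445), "block"), # DMZ -> LAN
        (Packet("WAN", "198.51.100.9", "192.168.20.10", 80), "pass"),   # forwarded port
        (Packet("WAN", "198.51.100.9", "192.168.20.10", 22), "block"),  # anything else
        (Packet("WAN", "198.51.100.9", "192.168.10.5", 80), "block"),   # never to LAN
    ]
    return all(evaluate(rules, p) == want for p, want in checks)


def swapped_rules():
    """Same rules with the DMZ pass rule moved above the DMZ block rule."""
    r = list(RULES)
    r[1], r[2] = r[2], r[1]
    return r


if __name__ == "__main__":
    print("policy holds:", policy_holds(RULES))                         # True
    print("policy holds after swap:", policy_holds(swapped_rules()))    # False
```

Running it shows the correctly ordered ruleset passing all six checks and the swapped ruleset failing the DMZ-to-LAN check, which is the same failure you would get in the m0n0wall GUI by placing the DMZ "allow anything" rule above the "block to LAN" rule. The WAN checks also illustrate Chris's point that without an inbound NAT entry for a port, traffic to it simply falls through to the default deny.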