 From:  ss <sonicsai at gmail dot com>
 To:  Scott Nasuta <tcslv at cox dot net>
 Cc:  m0n0wall list <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: Re[2]: [m0n0wall] another FreeBSD 4.10 vs. 5.3 comparison
 Date:  Tue, 29 Mar 2005 17:57:26 +0500
On Tue, 29 Mar 2005 01:56:59 -0800, Scott Nasuta <tcslv at cox dot net> wrote:
> Hello ss,
> 
> Tuesday, March 29, 2005, 12:09:49 AM, you wrote:
> 
> > maybe you want a setup like this?
> 
> > PC1 ----- (DMZ) m0n0 (wan) ---- PC2
> 
> I would think I want this.
> 
> I had:
> LAN = 10.0.0.1
> PC1 = 10.0.0.2
> WAN = 10.0.0.3
> PC2 = 10.0.0.4

Ok, try this:

 LAN = 10.0.0.1 gateway=10.0.0.2 netmask=255.0.0.0
 PC1 = 10.0.0.2
 WAN = 200.0.0.3 gateway=200.0.0.4 netmask=255.0.0.0
 PC2 = 200.0.0.4  gateway=200.0.0.3 netmask=255.0.0.0


> But I couldn't get the PCs to 'talk' (ping or with the software). I
> disabled all firewall rules and it still wouldn't get through. Also
> used QCheck for simplicity but it wouldn't 'talk' through either.

If you remove all the rules then all traffic will be blocked. If you
leave the default LAN rule in, then your PC1 should be able to connect
to the PC2. PC2 will not be able to connect to PC1 or to ping WAN as
this is blocked. WAN should be able to ping PC2 (you can use the web
interface to do this). To get the web interface you should type
http://10.0.02/ into your web browser on PC1.

> Plus since I want to test escalating firewall rules degradation,
> wouldn't putting PC1 in a DMZ bypass the firewall rulings? Not to
> mention I don't know how to set up a "DMZ" with m0n0/pfsense to
> begin with.

Let's get the simple stuff working, then we can try to set up a DMZ later.

hope I haven't made any mistakes in the stuff above :-)

sai
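
Added example, not part of the original message and not m0n0wall code: a toy Python model of the default-deny, stateful, per-interface filtering described in the reply above, using the suggested PC1 and PC2 addresses. The Rule and Firewall classes are hypothetical, and the model assumes no NAT and ignores ports and protocols.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    iface: str   # interface the packet arrives on
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR

def _match(rule, iface, src, dst):
    return (rule.iface == iface
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst))

class Firewall:
    """Toy stateful filter: pass rules per inbound interface, default deny."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()   # (src, dst) pairs of flows already passed

    def packet(self, iface, src, dst):
        # A reply to a flow that was passed earlier is allowed by state.
        if (dst, src) in self.states:
            return True
        if any(_match(r, iface, src, dst) for r in self.rules):
            self.states.add((src, dst))
            return True
        return False          # nothing matched: default deny

# Addresses from the suggested setup; the rule mirrors "LAN net -> any".
PC1, PC2 = "10.0.0.2", "200.0.0.4"
DEFAULT_LAN_RULE = Rule("lan", "10.0.0.0/8", "0.0.0.0/0")

def run_scenarios():
    results = {}
    empty = Firewall([])      # all rules removed
    results["no rules: PC1 -> PC2"] = empty.packet("lan", PC1, PC2)
    fw = Firewall([DEFAULT_LAN_RULE])
    results["LAN rule: PC2 -> PC1 (new)"] = fw.packet("wan", PC2, PC1)
    results["LAN rule: PC1 -> PC2"] = fw.packet("lan", PC1, PC2)
    results["LAN rule: PC2 -> PC1 (reply)"] = fw.packet("wan", PC2, PC1)
    return results

if __name__ == "__main__":
    for name, passed in run_scenarios().items():
        print(f"{name}: {'pass' if passed else 'block'}")
```

An empty rule set blocks everything, and a new connection from PC2 is blocked until PC1 has opened the flow, after which the reply passes by state.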