[ previous ] [ next ] [ threads ]
 
 From:  Carlo Landmeter <clandmeter at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] I don't want to go back using Cisco....
 Date:  Wed, 18 May 2005 09:01:20 +0200
Yes the router can access anything it wants. If i look at this picture
i see that the LAN and the DMZ interface are actualy working the same
way except that the LAN interface has NAT enabled and the DMZ has not.

This is the rule i added on the DMZ interface

 *  	 DMZ net  	 *  	 *  	 *  	 Default WLAN -> any 

I even tried to create a PPTP tunnel on one of my servers on the DMZ
interface to a PPTP server but also this is failing but if i try to do
the same thing via the LAN interface it works.

I'm starting to believe this is a bug. Maybe somebody here has a
similar setup and could run a test to confirm this?

Carlo


On 5/18/05, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 5/17/05, Carlo Landmeter <clandmeter at gmail dot com> wrote:
> >
> > I'm using m0n0wall version 1.2b3 on a wrap board. From our provider we
> > receive a subnet of 16 ip's which we can use. The m0n0wall is acting as
> > router and firewall for this subnet. I am using the 3 interfaces as folowed.
> >
> > WAN 81.*.*.*/30
> > LAN 10.*.*.*/24
> > DMZ 81.*.*.*/28
> >
> > I have disabled NAT by enabling advanced outbound NAT for the DMZ and added
> > a mapping to enable NAT for the lan interface.
> > One of the devices on the DMZ interface is a Cisco trying to run a GRE VPN
> > tunnel but it seems as if the m0n0wall is blocking the tunnel.
> > When i look into the firewall logs it doesnt display anything blocked.
> >
> 
> Then it's not blocking anything unless you put in a rule that doesn't
> log that blocks.  Can the router get out to the internet?  Try pinging
> something on the internet and see if you get an answer.
> 
> -Chris
>