On 5/23/05, Michael Lester <mlester at fastrans dot com> wrote:
>
> LAN:
> IP Addr: 192.168.20.246
> Netmask: 255.255.0.0
>
>
> WAN:
> IP Addr: xx.xx.152.3
> Netmask: 255.255.254.0
> Gateway: xx.xx.152.1
>
>
> DMZ:
> IP Addr: xx.xx.154.1
> Netmask: 255.255.254.0
>
>
>
> I enabled advanced outbound NAT (and created a rule to allow the LAN
> outgoing access) like the manual said I should do when using public IPs
> for a DMZ. When I attempted the switch to m0n0, the LAN was able to see
> the outside Internet as well as the DMZ. The DMZ, however, was not able
> to route out to the outside Internet. The DMZ machines are using
> xx.xx.154.1 as their gateway. I was unable to ping xx.xx.154.1 from the
> DMZ machines. I WAS able to ping the DMZ machines from the m0n0 box. I
> attempted to add a rule to allow the DMZ out as well, but was not
> successful.

Sounds like you were missing firewall rules on the DMZ interface.
Anything in the firewall logs?

-Chris