Accessing NATed services from within LAN? Look at my modifications here.
http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=186&actionargs[]=63

2005/8/18, Michal Bartkowiak <mailing at digital dot nonspace dot net>:
> Hello,
>
> My problem
> - Can't connect to FTP server in DMZ from clients in LAN subnet
>   (connections from WAN subnet work in both passive and active mode)
>
> My configuration
> - WAN interface: 192.168.1.64 (fxp0)
> - LAN interface: 10.0.0.1 (fxp1)
> - DMZ interface: 172.16.0.1 (fxp2)
>
> - FTP Server
>   IP: 172.16.0.2 (alias: Crypt)
>   ports for passive connections replies: 49500-49900
>   IP forced on PASV/EPSV/SPSV replies: 192.168.1.64 (WAN interface)
>   clients allowed from: 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8
>
> - NAT rules
>   Server NAT: 192.168.1.64
>   Inbound: WAN | TCP | 21 | Crypt (ext.: 192.168.1.64) | 21
>   Inbound: WAN | TCP | 49500-49900 | Crypt (ext...) | 49500-49900
>
> - Firewall PASS rules on WAN interface
>   TCP | 192.168.0.0/16 | * | Crypt | 21
>   TCP | 192.168.0.0/16 | * | Crypt | 49500-49900
>
> - Firewall PASS rules on DMZ interface
>   TCP | Crypt | 20 | 192.168.0.0/16 | *
>
> My question
> Now what rules (or maybe routes?) should I add to allow FTP connections
> from clients in LAN to FTP server (passive and active)?
> On this DMZ machine there is also an HTTP server accessible only to LAN clients
> (via outgoing PASS rules), and I want to stick with this - WAN clients
> can't request GET/HEAD.
>
> Any suggestion would be really appreciated,
> Michal Bartkowiak