 From:  "Brad Giotes" <brad at instawatch dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Basic DMZ help
 Date:  Mon, 22 Dec 2003 17:59:59 -0600
Hello,

I am trying to get started with Monowall after using NetBoz.  Although I've
been using firewalls on my servers for years, my experience is limited to
software firewalls and NetBoz.  I'm having some trouble getting started.
Here is my setup.

WAN Adapter - mapped to static IP

LAN - DHCP (192.168.0.1/24)

Optional 1 Adapter (named DMZ) 10.0.0.1/24

This configuration is working fine so far.  I can see the Internet from both
LAN and DMZ.

But, I'm having trouble getting my web server working from behind the
firewall.  Can somebody give me the steps?

* I have given the web server this IP (10.0.0.243) and have a rule set up that
allows it to see the Internet.

* I have set up 1:1 NAT and mapped it to 199.xxx.xxx.243. (I can go to
www.whatismyip.com and I am shown the external IP address, so the 1:1 is
working.)

But, I cannot make any rules allow the web site to be displayed.  Could
somebody tell me what they should be?

Also, with NetBoz I had to specify 

* an IP address for the machine (226)

* an IP for the router (225)

And network information (199.xxx.xxx.224/27)

My Monowall info is below.  Is this ok?  My common sense tells me I need to
specify some network info other than just /27.

        <wan>
            <if>xl2</if>
            <spoofmac/>
            <mtu/>
            <ipaddr>199.xxx.xxx.226</ipaddr>
            <subnet>27</subnet>
            <gateway>199.xxx.xxx.225</gateway>
        </wan>

Thanks for the help.  I've searched the site and archives but cannot find an
answer to this.

Brad