 From:  Falcor <falcor at netassassin dot com>
 To:  Brad Giotes <brad at instawatch dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Basic DMZ help
 Date:  Tue, 23 Dec 2003 18:42:08 -0800

You need an inbound route rule that allows all port 80 inbound traffic 
to be directed to 10.0.0.243.

E.g., on the WAN interface do this:  TCP Source * Port * Destination 
10.0.0.243 Port 80   (Allow rule)

Once you do this the firewall will route all port 80 requests to that 
IP.   This is how you would set up forwards for everything, really.

Brad Giotes wrote:

>Hello,
>
>I am trying to get started with Monowall after using NetBoz.  Although I've
>been using firewalls on my servers for years, my experience is limited to
>software firewalls and NetBoz.  I'm having some trouble getting started.
>Here is my setup.
>
>WAN Adapter - mapped to static IP
>
>LAN - DHCP (192.168.0.1 /24)
>
>Optional 1 Adapter (named DMZ) 10.0.0.1 /24
>
>This configuration is working fine so far.  I can see the Internet from both
>LAN and DMZ.
>
>But, I'm having trouble getting my web server working from behind the
>firewall.  Can somebody give me the steps?
>
>* I have given the web server this IP (10.0.0.243) and have a rule set up that
>allows it to see the Internet.
>
>* I have set up 1:1 NAT and mapped it to 199.xxx.xxx.243. (I can go to
>www.whatismyip.com <http://www.whatismyip.com/> and I am shown the external
>IP address so the 1:1 is working).
>
>But, I cannot make any rules allow the web site to be displayed.  Could
>somebody tell me what they should be?
>
>Also, with NetBoz I had to specify
>
>* an IP address for the machine (226)
>
>* an IP for the router (225)
>
>And network information (199.xxx.xxx.224/27)
>
>My Monowall info is below.  Is this ok?  My common sense tells me I need to
>specify some network info other than just /27.
>
>     <if>xl2</if>
>            <spoofmac/>
>            <mtu/>
>            <ipaddr>199.xxx.xxx.226</ipaddr>
>            <subnet>27</subnet>
>            <gateway>199.xxx.xxx.225</gateway>
>        </wan>
>
>Thanks for the help.  I've searched the site and archives but cannot find an
>answer to this.
>
>Brad
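
Added example, not part of the original thread: a small Python model of why the WAN rule in the reply names the internal address 10.0.0.243 when 1:1 NAT is in use. It assumes inbound NAT is applied before the WAN rules are checked and that unmatched traffic is blocked; 203.0.113.243 is a constructed stand-in for the redacted 199.xxx.xxx.243, and all names in the code are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-in for the redacted public address 199.xxx.xxx.243.
EXTERNAL = "203.0.113.243"
# 1:1 NAT mapping from the thread: external address -> DMZ web server.
ONE_TO_ONE = {EXTERNAL: "10.0.0.243"}


@dataclass(frozen=True)
class Rule:
    """An allow rule on WAN. Source and source port are '*' as in the reply."""
    proto: str
    dst: str        # address or CIDR, "*" for any
    dport: object   # int, or "*" for any

    def matches(self, proto, dst, dport):
        if self.proto != proto:
            return False
        if self.dst != "*" and ip_address(dst) not in ip_network(self.dst):
            return False
        return self.dport == "*" or self.dport == dport


def wan_inbound(rules, proto, dst, dport):
    """Return (verdict, translated_dst) for a packet arriving on WAN."""
    dst = ONE_TO_ONE.get(dst, dst)      # assumption: NAT happens first
    for rule in rules:                  # first matching allow rule wins
        if rule.matches(proto, dst, dport):
            return "pass", dst
    return "block", dst                 # assumption: implicit default deny


# The rule from the reply: TCP, destination 10.0.0.243, port 80.
REPLY_RULE = [Rule("tcp", "10.0.0.243", 80)]
# The same rule written against the public address instead.
EXTERNAL_RULE = [Rule("tcp", EXTERNAL, 80)]

if __name__ == "__main__":
    for name, rules in (("internal dst", REPLY_RULE), ("external dst", EXTERNAL_RULE)):
        for port in (80, 22):
            print(name, port, wan_inbound(rules, "tcp", EXTERNAL, port))
```

Under these assumptions the rule keyed on the internal address passes only TCP port 80 to the web server, while the same rule keyed on the public address never matches because the destination has already been rewritten.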