 From:  "Dietmar Kaspers" <dietmar dot kaspers at living dash source dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  newbee question
 Date:  Tue, 30 Dec 2003 18:32:58 +0100

we've looked around in the mailing list, but didn't find any solution for our problem:

our system has three interfaces:
WAN (public IP - 212.x.x.113)
LAN  (local IP   -
DMZ  (public IP - 212.x.x.123)

the DMZ subnet has the web and email server with IP 212.x.x.123.

for testing reasons we created rules for all three interfaces which allow "everything",
means for any protocol, any source and any destination, packets
are allowed.

from "inside" everything seems fine:
LAN can access both WAN and DMZ, including web and email.
DMZ can access WAN and LAN, i.e. web

but from "outside" there is something wrong:
BUT WAN can't access DMZ !

We can ping DMZ though from WAN, but HTTP does not work. 
a port scan shows that all ports of the web server are closed.

what are we doing wrong? Do we have to activate NAT ? We didn't think so, 
as we are using a public IP for the DMZ.

it seems that we miss some basic understanding

any help is appreciated :-)