 From:  "Dietmar Kaspers" <dietmar dot kaspers at web dot de>
 To:  <lscrlstld at yahoo dot com dot br>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] newbee question
 Date:  Tue, 30 Dec 2003 20:37:23 +0100
> check the correct network masks on the interfaces WAN and DMZ, and
> the network mask on the router interface too.

> the ip 212.x.x.123 it's in the 212.x.x.112 network less or equal than /29 range

I've checked again and it seems ok.
here is my configuration:

interfaces:
WAN:
Type:          static
IP address: 212.x.x.98 / 30
Gateway:    212.x.x.97

LAN:
IP address: 192.168.0.1 / 24

DMZ:
Bridge with:  none
IP address: 212.x.x.113 / 28

Firewall rules:
WAN
proto | source | port | destination | port
*       |  *        |    *  |  DMZ net  | *

DMZ
proto | source | port | destination | port
*       |  DMZ  |    *  |  *              | *

LAN
proto | source | port | destination | port
*       |  LAN  |    *  |  *              | *


as said before I can ping DMZ from WAN, but HTTP
does not work, i.e. is blocked

in the firewall log I have entries like:
19:35:16.911029 xl2 @0:15 b 212.x.x.97,520 -> 212.x.x.99,520 PR udp len 20 112 IN
19:35:14.041642 xl2 @0:15 b a.b.c.d -> 212.x.x.111 PR icmp len 20 92 icmp echo/0 IN
19:35:14.041642 xl2 @0:15 b a.b.c.d -> 212.x.x.110 PR icmp len 20 92 icmp echo/0 IN
19:35:14.041642 xl2 @0:15 b a.b.c.d -> 212.x.x.109 PR icmp len 20 92 icmp echo/0 IN
19:35:14.041642 xl2 @0:15 b a.b.c.d -> 212.x.x.108 PR icmp len 20 92 icmp echo/0 IN

how can I find out which is the rule 0:15, that is blocking here?

any hints ?
Dietmar
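
Added example, not part of the original message: a small Python parser for the ipmon-style log lines quoted above that tallies blocked packets by the @group:rule field and reports which of the posted interface networks each destination falls in. The 203.0.113.x and 198.51.100.7 addresses are constructed stand-ins for the redacted 212.x.x.* and a.b.c.d values, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the log lines from the message with the redacted
# 212.x.x prefix replaced by 203.0.113 and a.b.c.d by 198.51.100.7.
SAMPLE_LOG = """\
19:35:16.911029 xl2 @0:15 b 203.0.113.97,520 -> 203.0.113.99,520 PR udp len 20 112 IN
19:35:14.041642 xl2 @0:15 b 198.51.100.7 -> 203.0.113.111 PR icmp len 20 92 icmp echo/0 IN
19:35:14.041642 xl2 @0:15 b 198.51.100.7 -> 203.0.113.110 PR icmp len 20 92 icmp echo/0 IN
19:35:14.041642 xl2 @0:15 b 198.51.100.7 -> 203.0.113.109 PR icmp len 20 92 icmp echo/0 IN
19:35:14.041642 xl2 @0:15 b 198.51.100.7 -> 203.0.113.108 PR icmp len 20 92 icmp echo/0 IN
"""

# Interface addresses as posted, with the same prefix substitution (assumption).
NETS = {
    "WAN": ipaddress.ip_interface("203.0.113.98/30").network,
    "LAN": ipaddress.ip_interface("192.168.0.1/24").network,
    "DMZ": ipaddress.ip_interface("203.0.113.113/28").network,
}

LINE = re.compile(
    r"^(?P<time>\S+) (?P<ifname>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?:,(?P<dport>\d+))? "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)"
)

def parse(text):
    """Return one dict per log line that matches the format above."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def owning_net(addr):
    """Name of the configured network containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in NETS.items() if ip in net), None)

def summarize(text):
    """Count blocked packets per (group:rule, destination network)."""
    hits = Counter()
    for e in parse(text):
        if e["action"] == "b":  # 'b' marks a blocked packet in ipmon output
            hits[(f'{e["group"]}:{e["rule"]}', owning_net(e["dst"]))] += 1
    return hits

if __name__ == "__main__":
    for (rule, net), n in summarize(SAMPLE_LOG).items():
        print(f"rule @{rule} blocked {n} packet(s) to {net or 'no configured net'}")
```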