On 8/23/05, chostert at gmail dot com <chostert at gmail dot com> wrote:
> I have the DMZ interface set up, and DHCP works on the interface. From a
> client on the DMZ network I can ping the GW (the IP addy of the interface)
> and I can nslookup (through monowall doing forwarding). This is as far as I
> can get. I have gone so far as to set all the firewall rules to allow all
> (not for long) and still I get nothing. Does anyone have any ideas, am I
> missing a step or something obvious? Is there any correlation with the odd
> MAC addy I get for the DMZ interface? It's all f's.
The all F's is one issue; you'll need a <spoofmac> in your config
under that interface, as described towards the bottom of this page.
Another thing that sticks out at me is the 192.168.1.0/24 on the DMZ
interface. You don't show what your LAN is, but if it's still the
default 192.168.1.0/24, things aren't going to work right. The DMZ
will need to be a separate subnet from the LAN, if it isn't already.