Re: [m0n0wall] Damn that DMZ

From:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Damn that DMZ
Date:	Tue, 23 Aug 2005 01:24:00 -0400

On 8/23/05, chostert at gmail dot com <chostert at gmail dot com> wrote:
> 
> #Problem
> I have the DMZ interface set up, and DHCP works on the interface. From a
> client on the DMZ network I can ping the GW (the ip addy of the interface)
> and I can nslookup (through monowall doing forwarding). This is as far as I
> can get. I have gone so far as to set all the firewall rules to allow all
> (not for long) and still I get nothing. Dose anyone have any ideas, am I
> missing a step or something obvious? Is there any correlation with the odd
> mac addy I get for the DMZ interface? Its all f's.
> 

The all F's is one issue, you'll need a <spoofmac> in your config
under that interface, as described towards the bottom of this page.
http://chrisbuechler.com/m0n0wall/nokia/ip110.html

Another thing that sticks out at me is the 192.168.1.0/24 on the DMZ
interface.  You don't show what your LAN is, but if it's still the
default 192.168.1.0/24, things aren't going to work right.  The DMZ
will need to be a separate subnet from the LAN, if it isn't already.

-Chris