[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Damn that DMZ
 Date:  Tue, 23 Aug 2005 01:24:00 -0400
On 8/23/05, chostert at gmail dot com <chostert at gmail dot com> wrote:
> #Problem
> I have the DMZ interface set up, and DHCP works on the interface. From a
> client on the DMZ network I can ping the GW (the ip addy of the interface)
> and I can nslookup (through monowall doing forwarding). This is as far as I
> can get. I have gone so far as to set all the firewall rules to allow all
> (not for long) and still I get nothing. Dose anyone have any ideas, am I
> missing a step or something obvious? Is there any correlation with the odd
> mac addy I get for the DMZ interface? Its all f's.

The all F's is one issue, you'll need a <spoofmac> in your config
under that interface, as described towards the bottom of this page.

Another thing that sticks out at me is the on the DMZ
interface.  You don't show what your LAN is, but if it's still the
default, things aren't going to work right.  The DMZ
will need to be a separate subnet from the LAN, if it isn't already.