 From:  Peter <peter at iwebsl dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Opt interface Rules
 Date:  Wed, 28 Sep 2005 08:52:10 -0400
You first need to NAT then create an inbound rule for WAN. Mine looks like this:
 TCP  	 *  	 1024 - 65535  	 192.168.10.3  	 80 (HTTP)  	 NAT web server 

The only rule you could need for OPT1 is outbound but the docs state a case for not even having that.
http://img.m0n0.ch/docbook/examples-dmz-lockdown.html

Peter

On Wed, 28 Sep 2005 16:57:04 +1000, Mark Wass wrote:
> Hi All
>
> Fairly simple question, but I just want to check.
>
> I will have a server on the Opt1 interface with a real IP, this server
> will have a web service running on it.
>
> What I want to know is what rules do I have to create on the Opt1
> interface to allow web access?
>
> This is what I thought I may have to add
>
> Pass/Block  Proto  Source  Port  Destination  Port
> Pass        TCP    *       *     X.X.X.X      80
>
> Do I have to add another rule allowing traffic from the server from port
> 80 back out to the Internet?
>
> Also will I have to add any rules to allow access to this server from
> LAN interface?
>
> Thanks