 From:  sai <sonicsai at gmail dot com>
 To:  stfuhello <stfuhelloworld at yahoo dot com dot au>
 Cc:  mono <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: monowall HTTP ports on LAN side ?!?!*%# Im a n00b
 Date:  Wed, 12 Oct 2005 14:49:19 +0500
[1] It's probably much simpler than you think!
[2] If your network is the usual (i.e. your PCs on the LAN interface),
then to allow HTTP access you need to add a rule so that:
interface: LAN
proto: TCP
destination port: 80 (HTTP)
all others are * (i.e. any)
[3] Get rid of the rules on WAN, get rid of the NAT rules.
[4] You usually need DNS also to browse... add that also (hint: DNS is
TCP AND UDP). Add a rule for this.
[5] You should try getting your filesharing to work after you get the
simple http going.



On 10/12/05, stfuhello <stfuhelloworld at yahoo dot com dot au> wrote:
> Hi guys, I am having a few problems because I'm a n00b :). In the
> following paragraph I will be referring to DIAGRAMS located at
> http://img433.imageshack.us/img433/4404/problem4pk.jpg. What I would
> like to do is delete the LAN "permit any", as seen in DIAGRAM A. After
> this I would like to manually create rules to permit each program
> access to the net and access to other hosts through the LAN rules
> interface. I'm doing this to add an extra layer of security. I thought
> of starting off with HTTP, thinking it would be easy enough. After
> disabling the "permit any" rule on the LAN interface, I tried creating a
> LAN rule to allow HTTP on LAN and net but to no avail. I tried adding
> default HTTP rules to everything... but I still couldn't access the net
> with my browser. I then thought, well, I will enable the "permit any"
> rule (DIAGRAM A) and log traffic to see what's happening. I cleared all
> previous firewall logs then opened my browser. The logged traffic is
> highlighted as DIAGRAM D. I've also added the NAT interface and WAN rules
> interface in DIAGRAMS B+C in case I'm making some monumental mistake/s.
> Could someone please show me how to create a relatively specific (as
> opposed to "permit any") HTTP rule/s on the LAN rules interface to
> access the net and other hosts on the LAN.
> Thank You
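
Added example, not part of the original thread and not m0n0wall code: a small Python model of the LAN rule set discussed above, showing that an HTTP-only rule still leaves the DNS lookup blocked, while adding the TCP and UDP DNS rules from point [4] lets a page load through. The `Rule` and `Packet` classes, the default-deny evaluation and the sample traffic are simplifying assumptions constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # the "any" wildcard from point [2]

@dataclass(frozen=True)
class Rule:               # hypothetical model of one "pass" rule
    interface: str
    proto: str            # "tcp", "udp" or ANY
    dst_port: object      # port number or ANY
    descr: str = ""

@dataclass(frozen=True)
class Packet:             # only the fields the rules above match on
    interface: str
    proto: str
    dst_port: int

def first_match(rules, pkt):
    """Return the first pass rule matching pkt, or None (assumed default deny)."""
    for r in rules:
        if (r.interface == pkt.interface
                and r.proto in (ANY, pkt.proto)
                and r.dst_port in (ANY, pkt.dst_port)):
            return r
    return None

def blocked_steps(rules, flow):
    """Names of the steps in flow that no rule passes."""
    return [name for name, pkt in flow if first_match(rules, pkt) is None]

# Constructed traffic for one page load from a LAN host.
PAGE_LOAD = [
    ("dns lookup (udp/53)", Packet("LAN", "udp", 53)),
    ("dns over tcp (tcp/53)", Packet("LAN", "tcp", 53)),  # e.g. truncated reply
    ("http request (tcp/80)", Packet("LAN", "tcp", 80)),
]

HTTP_ONLY = [Rule("LAN", "tcp", 80, "allow HTTP")]
HTTP_AND_DNS = HTTP_ONLY + [
    Rule("LAN", "tcp", 53, "allow DNS over TCP"),
    Rule("LAN", "udp", 53, "allow DNS over UDP"),
]
PERMIT_ANY = [Rule("LAN", ANY, ANY, "default LAN permit any")]

if __name__ == "__main__":
    for label, rules in [("http only", HTTP_ONLY),
                         ("http + dns", HTTP_AND_DNS),
                         ("permit any", PERMIT_ANY)]:
        print(label, "-> blocked:", blocked_steps(rules, PAGE_LOAD) or "nothing")
```
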