I can't get get NATed LAN hosts talking to
bridged-with-WAN DMZ (OPT1) hosts... yet I can ping
OPT1 hosts from m0n0wall itself.
LAN - NATed subnet
WAN - public IP x.y.z.129
OPT1 (DMZ) - bridged to WAN
OPT2 (WLAN) - bridged to LAN
OPT1 (DMZ) is plugged into an isolated switch.
Non-x.y.z.129 DMZ hosts can talk to each other just
fine. However, hosts on NATed LAN cannot reach hosts
on OPT1 (DMZ). E.g. if x.y.z.16 is a host in DMZ, LAN
hosts masq-ed under x.y.z.129 cannot reach x.y.z.16.
E.g. this fails from a LAN host:
"telnet x.y.z.16 80"
... and yields this log entry:
19:15:21.783007 sis2 @0:13 B x.y.z.16,80 ->
x.y.z.129,51291 PR TCP len 20 48 -AS IN
Hosts on LAN can get anywhere else (except DMZ) based
on the single "LAN Net -> any" for all ports/protocols
I have not enabled "block private networks".
I have not enabled bridge filtering.
I can actually ping x.y.z.16 directly from the
m0n0wall box just fine. E.g. /exec.php with ping -c 3
x.y.z.16 works GREAT.
So why can't the LAN hosts get to the DMZ? Is
NATing+Bridging a problem? I'd really like to see
this work: The filtering bridge and traffic shaper
and everything else in one box is slick.
Btw - This m0n0wall distro is very impressive: More
functional than many commercial products, yet very
simple to use. Big kudos to the author.