i've been using a FreeBSD4.5 firewall for 2 years now.
last month i bought a Soekris4801 and played around with m0n0wall.
it's easy to set up and maintain - great hard/software!
my problem now: how do i insert a "pass out ..." rule via the webGUI?
i need these rules for my webservers in the DMZ to work properly (see
diagram below).
           ------------------[m0n0wall]----------------
PROVIDER---|WAN (XX.XX.47.20)        DMZ (XX.XX.44.97)|---DMZ(XX.XX.44.96/28)
           |            LAN (192.168.1.1)             |
           --------------------------------------------
                                |
                      LAN (192.168.1.0/24)
the provider routes my 16 static IPs to my WAN IP address, the firewall
then routes it to the DMZ interface. in my current firewall-ruleset i
use these rules to get it going:
block out quick on fxp2 all head 60
pass out quick on fxp2 proto tcp from any to XX.XX.44.99 port = http keep state group 60
pass out quick on fxp2 proto tcp from any to XX.XX.44.100 port = http keep state group 60
pass out quick on fxp2 proto tcp from any to XX.XX.44.101 port = http keep state group 60
(ditto for other ports: https, mysql,...)
block out log on fxp2 all group 60
but the rule "allow http from my webservers to any" on the m0n0wall
interface doesn't do the job...
regards, Oliver