Re: [m0n0wall] Connect to DMZ from LAN through WAN

From:	"Neil A. Hillard" <m0n0 at dana dot org dot uk>
To:	m0n0wall at lists dot m0n0 dot ch
Cc:	"Alberto (Warfox) De Boni" <warfox at neobe dot it>
Subject:	Re: [m0n0wall] Connect to DMZ from LAN through WAN
Date:	Fri, 10 Feb 2006 14:13:10 +0000

Hi,

In message <43EC5F3F dot 1000107 at neobe dot it>, "Alberto (Warfox) De Boni"
<warfox at neobe dot it> writes
>I saw that FAQ, the real difference is that i don't use NAT.
>I've got 16 public IP, and the server in DMZ have their own public ip
>address.
>
>DMZ is not NATTED, it's bridged with WAN interface. For some reasons, i
>can't tell to Office's PC to access Servers with a direct accesso LAN-
>DMZ. When i try to access i.e. Server1, the packet will go to internet
>using WAN publi IP and go back to DMZ Server1 public ip.. At this point
>monowall accept connection, but when server1 try to send a packet back
>to WAN public Ip monowall stops it.
>
>09:38:35.229624        DMZ <?if=DMZ>   62.2.231.xx, port 25 <?sp=25>
>62.2.231.xx, port 59105 <?dp=59105>    TCP <?pr=TCP>
>
>
>The first ip is Server1 Ip address. The second one is WAN public ip.

You may want to look at one of my previous posts on this:

http://m0n0.ch/wall/list/showmsg.php?id=235/74


The important thing to note is that you need to use advanced NAT and
ensure that LAN to WAN is NAT'd but LAN to DMZ is not.

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk