[ previous ] [ next ] [ threads ]
 From:  sai <sonicsai at gmail dot com>
 To:  "beau2beau at mac dot com" <beau2beau at mac dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] inbound rules
 Date:  Fri, 24 Feb 2006 14:46:17 +0500
On 2/24/06, beau2beau at mac dot com <beau2beau at mac dot com> wrote:
> thanks for help.
> yes, i read the examples but i can't fix my problem.
> in my opinon i don't need proxy arp because my wan ips and gateway are in the same subnet.
> wan ip: 195.xxx.xxx.129
> subnet:
> gateway: 195.xxx.xxx.254
> the firewall log say
> denied  20:00:00        WAN     217.xxx.xxx.xxx, port 2480, port 80 TCP
> any idea
> thanks sven

Have got "Advanced NAT" selected? This turns off NATing and you should
not have it ticked.

Here is my HOWTO DMZ (got different bits of  it from this mailing list)

(public IP address == real ip address as assigned to you from your ISP)

(private IP == your internal network such as

How to Setup a DMZ:

Here is an example DMZ setting for a web server

[1] Assign private IP address to your server in the DMZ e.g.

[2] on the menu: Firewall> NAT> Server NAT add the public IP address
of the server (plus description if you want to do it properly)

[3] in the Services menu > Proxy ARP add the the public ip addresses
(so that the WAN port can respond to all the public ip addresses)

[4] again in the Firewall menu > NAT > Inbound add the following rule

    * External address: public ip address of the server
    * Protocol: TCP (or as desired)
    * External port range from: HTTP(or as desired)
    * NAT IP: private ip address for server
    * Local port: HTTP (or as desired)

[5] tick the box that says auto add rules.