 From:  Steve Johnson <sjohnson at warpdriveonline dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  no WAN access to DMZ http
 Date:  Mon, 06 Mar 2006 11:38:39 -0700

I'm running m0n0wall 1.21 on a 3-NIC box. Cable modem WAN connection
with a single IP address. Normal LAN-to-WAN operation is fine; now I've
activated the OPT1 interface and am setting up a DMZ.

I have a Linux webserver in the DMZ that I can access from the LAN
interface. There are firewall rules to allow DNS and NTP within the DMZ
and also to block traffic from the DMZ into the LAN. Everything is
working as expected.

Next, I set up a NAT rule to allow WAN traffic to access http on the DMZ
web server. I confirmed that m0n0wall also created the firewall rule
allowing the access. I modified the rule to log packets handled by this

Not only can I not access the http server from the WAN interface, I'm
not even seeing any inbound http in the log. Nothing, either passed or
blocked. I'm seeing typical probing on ports 1025, 1026, 1027, 1029,
1433, but nothing inbound from the WAN in the lower range.

It almost sounds like there's filtering occurring upstream. I'm a little
baffled. Any ideas would be appreciated!