 From:  sai <sonicsai at gmail dot com>
 To:  "jan gestre" <m0n0wall dot list at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ woes
 Date:  Fri, 17 Mar 2006 13:39:39 +0500
On 3/16/06, jan gestre <m0n0wall dot list at gmail dot com> wrote:
> I'm trying to set up my DMZ using the OPT interface, tried to use 1:1 NAT and
> Inbound NAT to no avail, I can't get it to work :(
>
> This is my network setup:
>                                                              __________
> internet
>                                                             |
>                                                             |
>                                                             | WAN interface
> 203.xxx.xxx.xxx
>                                                             |
>      LAN interface 192.168.1.1/24        ------------------
>                     ----------------------------------|  monowall
> |------------------------
>                    |                                   ------------------
>                      | DMZ interface 192.168.2.1/24
>
> |
> |
>
> |
> |
>
> |
> |                             192.168.2.3/24
>
> |
> ---------------------                    -----------------------
>
> --------------------
> |      DMZ       |--------------------|   webserver     |
>            |      LAN
> |
> ---------------------                     -----------------------
>
> --------------------
> |
>
> |
> |
>
> |
> |
>
> |
> -----------------------
>
> ------------                                                        |
> mail server    | 192.168.2.2/24
>               | clients
> |
> -------------------------
>               ------------
>
> I did everything in the example but it's not working, can anybody help get
> it to work?
>
> TIA
>
>
(public IP address == real ip address as assigned to you from your ISP)

(private IP == your internal network such as 192.168.2.1)

Here is an example DMZ setting for a web server

[1] Assign private IP address to your web server in the DMZ e.g. 192.168.2.2

[2]  menu: Firewall> NAT> Server NAT : here add the public IP address
of the web server

[3] in the Services menu > Proxy ARP add the public ip addresses

[4] again in the Firewall menu > NAT > Inbound add the following rule

    * External address: public ip address of the server
    * Protocol: TCP (or as desired)
    * External port range from: HTTP
    * NAT IP: private ip address for server
    * Local port: HTTP

[5] tick the box that says auto add rules.

Don't really get your diagram (text wraps on gmail) but this should
work. If it doesn't then try to explain in more detail what happens
and what doesn't.

sai
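
Added example, not part of sai's post and not m0n0wall code: a small Python model of steps [4] and [5], showing why the inbound NAT rule needs an accompanying WAN pass rule and why that rule has to match the private address. It assumes address translation is applied before the WAN filter rules are evaluated; 203.0.113.10 is a constructed public IP, and the class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class InboundNat:          # fields mirror the step [4] form
    external_ip: str
    proto: str
    external_port: int
    nat_ip: str
    local_port: int

@dataclass(frozen=True)
class PassRule:            # simplified WAN filter rule (hypothetical model)
    proto: str
    dst_ip: str
    dst_port: int

def auto_added_rule(nat):
    """Rule that step [5] is assumed to create: it targets the private address."""
    return PassRule(nat.proto, nat.nat_ip, nat.local_port)

def evaluate(packet, nat_rules, wan_rules):
    """packet = (proto, dst_ip, dst_port) arriving on WAN -> (verdict, destination)."""
    proto, dst_ip, dst_port = packet
    for n in nat_rules:    # assumption: translation happens before filtering
        if (n.proto, n.external_ip, n.external_port) == (proto, dst_ip, dst_port):
            dst_ip, dst_port = n.nat_ip, n.local_port
            break
    else:
        return ("drop: no NAT mapping", None)
    for r in wan_rules:
        if (r.proto, r.dst_ip, r.dst_port) == (proto, dst_ip, dst_port):
            return ("pass", f"{dst_ip}:{dst_port}")
    return ("drop: no WAN pass rule", None)

# Constructed sample values: 203.0.113.10 is a documentation address.
NAT = InboundNat("203.0.113.10", "tcp", 80, "192.168.2.2", 80)
HTTP_IN = ("tcp", "203.0.113.10", 80)

if __name__ == "__main__":
    cases = {
        "NAT only, box unticked": [],
        "rule written against public IP": [PassRule("tcp", "203.0.113.10", 80)],
        "auto-added rule": [auto_added_rule(NAT)],
    }
    for name, rules in cases.items():
        print(f"{name:32} -> {evaluate(HTTP_IN, [NAT], rules)}")
    print(evaluate(("tcp", "203.0.113.10", 22), [NAT], [auto_added_rule(NAT)]))
```

In this model only the auto-added rule lets the HTTP connection through, and a port with no inbound NAT entry never reaches the DMZ host.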