 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] DMZ woes
 Date:  Sat, 18 Mar 2006 00:10:49 -0600
From: "jan gestre" <m0n0wall dot list at gmail dot com>

> WAN = 203.xxx.xxx.186
> LAN = 192.168.1.1
> DMZ = 192.168.2.1

> I have three servers in my DMZ whose ip addresses are as follows:

> mailserver = 203.xxx.xxx.190/29
> web1        = 203.xxx.xxx.189/29
> web2        = 203.xxx.xxx.188/29

> I made a server NAT and proxy ARP for those addresses above and made an
> inbound NAT for each as follows:

> SMTP and HTTP  =  192.168.2.2  <--- mailserver + squirrelmail
> HTTP                  =  192.168.2.3 <--- web1
> HTTP                  =  192.168.2.4 <--- web2

> checked against whatismyip.com individually on each server machine and it
> returned the ip of my monowall which is 203.xxx.xxx.186/29

To start, use 1:1 NAT and not server NAT and whatismyip.com should work. 
Next, do you have any firewall rules allowing you into the DMZ from LAN and 
from WAN?  When you come from LAN are you using 192.168.2.2, because the 
outside address will not work.  Will the web server answer on 192.168.2.2 as 
well as 203.xxx.xxx.190?

                                Lee