 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN, WAN, DMZ
 Date:  Thu, 6 Apr 2006 16:54:32 -0400
On 4/6/06, Ernesto Vega <ernesvega at gmail dot com> wrote:
>
> LAN: 10.1.1.1
> WAN: 2xx.xxx.xxx.138
> DMZ: 192.168.100.1
> server1: 192.168.100.2 (1:1 NAT to 2xx.xxx.xxx.140)
>

Looks fine.


>

> IP(2xx.xxx.xxx.140).
>

From the Internet or inside the network?



> outside.
>

If you remove the 1:1 NAT temporarily, can that host get out to the Internet?


> Where do I put my rules? WAN or DMZ interface?
>

On the interface where the traffic to be filtered is entering, i.e.
outbound traffic from DMZ is affected by rules on the DMZ interface.
Inbound traffic originating from the Internet is affected by rules on
the WAN interface (not including reply traffic to connections sourced
within your networks, which are let through by the state table).

-Chris
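
The ingress-interface behaviour described in the reply above, as an added example that is not part of the original message and is not m0n0wall code: a small Python model in which a packet is checked against the rules of the interface it enters on, and replies to already-passed connections are let through by a state table. The rule sets, port numbers and the Internet host 203.0.113.7 are constructed for illustration; NAT is not modelled, so inbound packets are shown already addressed to server1's DMZ address.

```python
"""Toy model of per-interface ingress filtering with a state table."""
from ipaddress import ip_address, ip_network

# Rules are keyed by the interface a packet ENTERS on; first match wins and
# no match means block. The rule contents are constructed for this example.
RULES = {
    "DMZ": [("pass", "192.168.100.0/24", "0.0.0.0/0", 80)],  # DMZ hosts -> web
    "WAN": [("pass", "0.0.0.0/0", "192.168.100.2/32", 25)],  # Internet -> server1 SMTP
    "LAN": [],
}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (src, sport, dst, dport) of connections that were passed

    def filter(self, iface, src, sport, dst, dport):
        """Return (verdict, reason) for a packet entering on iface."""
        # Packets of a known connection, in either direction, skip the rule set.
        forward, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if forward in self.states or reverse in self.states:
            return "pass", "state"
        for action, s_net, d_net, port in self.rules.get(iface, []):
            if (ip_address(src) in ip_network(s_net)
                    and ip_address(dst) in ip_network(d_net) and dport == port):
                if action == "pass":
                    self.states.add(forward)
                return action, f"{iface} rule"
        return "block", f"no {iface} rule"

def demo():
    fw = Firewall(RULES)
    internet = "203.0.113.7"   # constructed Internet host (documentation range)
    server1 = "192.168.100.2"  # server1's DMZ address from the thread
    return [
        fw.filter("DMZ", server1, 40000, internet, 80),  # outbound: DMZ rules decide
        fw.filter("WAN", internet, 80, server1, 40000),  # reply: state table, no WAN rule
        fw.filter("WAN", internet, 50000, server1, 25),  # new inbound: WAN rules decide
        fw.filter("WAN", internet, 50001, server1, 22),  # new inbound, no WAN rule
        fw.filter("DMZ", server1, 40001, internet, 25),  # outbound, no DMZ rule
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```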