On 4/6/06, Ernesto Vega <ernesvega at gmail dot com> wrote:
> LAN: 10.1.1.1
> WAN: 2xx.xxx.xxx.138
> DMZ: 192.168.100.1
> server1: 192.168.100.2 (1:1 NAT to 2xx.xxx.xxx.140)
> The problem is that I can't get to access server1 on its WAN
From the Internet or inside the network?
> Also I can't make it to access other hosts
If you remove the 1:1 NAT temporarily, can that host get out to the Internet?
> Where do I put my rules? WAN or DMZ interface?
On the interface where the traffic to be filtered is entering, i.e.
outbound traffic from DMZ is affected by rules on the DMZ interface.
Inbound traffic originating from the Internet is affected by rules on
the WAN interface (not including reply traffic to connections sourced
within your networks, which are let through by the state table).