 From:  "Ernesto Vega" <ernesvega at gmail dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN, WAN, DMZ
 Date:  Thu, 6 Apr 2006 17:07:44 -0400
2006/4/6, Chris Buechler <cbuechler at gmail dot com>:
> On 4/6/06, Ernesto Vega <ernesvega at gmail dot com> wrote:
> >
> > LAN: 10.1.1.1
> > WAN: 2xx.xxx.xxx.138
> > DMZ: 192.168.100.1
> > server1: 192.168.100.2 (1:1 NAT to 2xx.xxx.xxx.140)
> >
>
> looks fine.
>
>
> >

> > IP(2xx.xxx.xxx.140).
> >
>
> From the Internet or inside the network?
>

Both of them.


>

> > outside.
> >
>
> If you remove the 1:1 NAT temporarily, can that host get out to the Internet?
>

I did not try that rule!!!

>
> > Where do I put my rules??? WAN or DMZ interface??
> >
>
> On the interface where the traffic to be filtered is entering.  i.e.
> outbound traffic from DMZ is affected by rules on the DMZ interface.
> Inbound traffic originating from the Internet is affected by rules on
> the WAN interface (not including reply traffic to connections sourced
> within your networks, which are let through by the state table).
>
> -Chris


the DMZ interface and
traffic from the Internet to server1 should have a rule at the WAN interface???

Which IP should I use??? External or internal one???

Ernesto
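
The rule placement described in Chris's quoted reply, as an added example that is not part of the original message and is not m0n0wall code: a small Python model in which rules are evaluated on the interface where a packet enters, and reply traffic is passed by the state table. The rule contents, ports and Internet-side addresses are constructed assumptions; the model leaves NAT out and addresses server1 by its DMZ address.

```python
# Toy model (constructed for illustration): rules are checked on the interface
# where a packet ENTERS the firewall; replies to tracked connections skip rules.
from ipaddress import ip_address, ip_network

# Per-interface pass rules: (source network, destination network, dest port).
# Anything not matched is blocked. Rule contents and ports are assumptions.
RULES = {
    "DMZ": [("192.168.100.0/24", "0.0.0.0/0", 80)],   # DMZ hosts may reach web
    "WAN": [("0.0.0.0/0", "192.168.100.2/32", 25)],   # Internet may reach server1:25
    "LAN": [],
}

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (src, sport, dst, dport) of permitted connections

    def handle(self, in_if, src, sport, dst, dport):
        """Return 'state', 'rule' or 'block' for a packet entering on in_if."""
        # Reply traffic: the reverse of a tracked connection passes with no rule.
        if (dst, dport, src, sport) in self.states:
            return "state"
        for net_src, net_dst, port in self.rules[in_if]:
            if (ip_address(src) in ip_network(net_src)
                    and ip_address(dst) in ip_network(net_dst)
                    and dport == port):
                self.states.add((src, sport, dst, dport))
                return "rule"
        return "block"

def demo():
    fw = Firewall(RULES)
    # server1 is from the thread; web and client are documentation-range samples.
    server1, web, client = "192.168.100.2", "198.51.100.7", "203.0.113.9"
    return [
        fw.handle("DMZ", server1, 40000, web, 80),     # outbound: DMZ rule
        fw.handle("WAN", web, 80, server1, 40000),     # reply: state table
        fw.handle("WAN", client, 50000, server1, 25),  # inbound: WAN rule
        fw.handle("WAN", client, 50001, server1, 22),  # inbound, no WAN rule
        fw.handle("DMZ", server1, 40001, web, 25),     # outbound, no DMZ rule
    ]

if __name__ == "__main__":
    print(demo())
```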