|
||||||||||
2006/4/6, Chris Buechler <cbuechler at gmail dot com>: > On 4/6/06, Ernesto Vega <ernesvega at gmail dot com> wrote: > > > > LAN: 10.1.1.1 > > WAN: 2xx.xxx.xxx.138 > > DMZ: 192.168.100.1 > > server1: 192.168.100.2 (1:1 NAT to 2xx.xxx.xxx.140) > > > > looks fine. > > > > > > The problem is that i can´t get to access server1 on it´s WAN > > IP(2xx.xxx.xxx.140). > > > > From the Internet or inside the network? > both of them > > > Also i can´t make it to access other hosts > > outside. > > > > If you remove the 1:1 NAT temporarily, can that host get out to the Internet? > i did not tryied that rule !!! > > > Where do i put my rules ??? WAN or DMZ interface ?? > > > > On the interface where the traffic to be filtered is entering. i.e. > outbound traffic from DMZ is affected by rules on the DMZ interface. > Inbound traffic originating from the Internet is affected by rules on > the WAN interface (not including reply traffic to connections sourced > within your networks, which are let through by the state table). > > -Chris so, traffic that´s originating from the server1 should have a rule at the DMZ interface and traffic from the internet to server1 should have a rule at the WAN interface ??? which IP should i use ??? external or internal one ??? Ernesto |