[ previous ] [ next ] [ threads ]
 
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 To:  "Ernesto Vega" <ernesvega at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN, WAN, DMZ
 Date:  Thu, 6 Apr 2006 17:21:23 -0400 
On 4/6/06, Ernesto Vega <ernesvega at gmail dot com> wrote:
>
> > From the Internet or inside the network?
> >
>
> both of them
>

It won't work by public IP from inside the network.  see
http://doc.m0n0.ch/handbook/faq-lannat.html


> > If you remove the 1:1 NAT temporarily, can that host get out to the Internet?
> >
>
> i did not tryied that rule !!!
>

Try it.  This will narrow down the scope of the problem greatly.


>
> so, traffic that´s originating from the server1 should have a rule at
> the DMZ interface and
> traffic from the internet to server1 should have a rule at the WAN interface ???
>

correct.


> which IP should i use ??? external  or internal one ???
>

internal.  NAT occurs prior to firewalling, so the firewalling sees
the private IP's.

-Chris