[ previous ] [ next ] [ threads ]
 
 From:  "Brett Woodruff" <brett at skyways dot us>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] DMZ Issues for the 400th Time
 Date:  Thu, 20 Apr 2006 07:48:26 -0500
Looks like your setting it up right on the DMZ...  But there is one thing
your not realizing....  You can't access your internal servers by using your
external address, while your inside the local network.  As long as your
behind the firewall too, you have to use the private address...  If you can
get an internet connection from out site the firewall, Ie. Neighbor, dialup,
etc. you should be able to access you internal servers from the external
address... as you are trying to do...

Brett
-----Original Message-----
From: dasz [mailto:daszylstra at comcast dot net] 
Sent: Wednesday, April 19, 2006 10:37 PM
To: NERD341 at softhome dot net; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] DMZ Issues for the 400th Time 


----- Original Message ----- 
From: <NERD341 at softhome dot net>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, April 19, 2006 10:32 PM
Subject: [m0n0wall] DMZ Issues for the 400th Time


>I have been reading the M0n0Wall mailing list for sometime and still can't
>find a fix for my problem; I am trying to setup a DMZ.  I know this has
>been asked a million times but I must be missing something and would
>appreciate a hand.  Here is a little back store on my network.  I have a
>Generic-PC setup (P3 with a 4 gig HD 512 MB of Ram) with 5 network cards.
>I have 5 static IP <X.X.X.154-158> addresses I would like to use for
>Servers.  I currently have my servers on the outside of my firewall to be
>operational.
> Here is my network diagram.
> WAN (X.X.X.154)
> LAN (192.168.1.1)
>  <DHCP - PC's and Other IP Random Stuff)
> DMZ (192.168.10.1)
>   <192.168.10.100> - Server 1 (WWW1 and Mail) (X.X.X.155)
>   <192.168.10.110> - Server 2 (WWW2) (X.X.X.156)
>   <192.168.10.120> - Server 3 (Dev) (X.X.X.157)
>   <192.168.10.130> - Server 4 (Other) (X.X.X.158)
> WLAN (192.168.2.1)
>   <DHCP - Private Wireless>
> WLAN_PUBLIC (192.168.5.1)
>    <DHCP - Public Wireless>
> I have PROXY ARP setup to lessen for IP X.X.X.155-158.  I have capture
> portal active on WLAN_PUBLIC and Outbound NAT setup for LAN, WLAN, and
> WLAN_PUBLIC.  1:1 NAT setup to the above config.
> Now this is where I get a little confusted . Which interface do I need to
> set the rules up on to allow traffic to my servers.  I have been testing
> this by allowing HTTP to Server 1, Rule Like TCP | * | 80 |
> 192.168.10.100| 80 on the DMZ interface.  Is this RIGHT?  I am unable to
> access the server by using the IP .154.  I did add a rule of  TCP | * | *
> |  X.X.X.154 | 8080 so I could remote admin the firewall for testing and
> this works file.
> Any help on getting this working would be greatly appreciated.
----------------------------------------------------------------------------
-------

Try the rule with TCP | * | * | 192.168.10.100| 80    (the http client
doesn't normally use source port 80, just destination port 80)

Also when I'm debugging my config I found the firewall log is very
helpful -- i.e. if you test http access that gets denied the log should show
the event with source IP/port and destination IP/port . . . .


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch





-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.4/318 - Release Date: 4/18/2006