I will give it a shot...
m0n0wall's inbound NAT only handles UDP and TCP types of IP traffic.
The 'port' field of UDP/TCP is what allows NAT to make its magic
work. 'ping' uses ICMP, no 'port' information... so, no ping from WAN.
On the other hand, if each of your DMZ servers was NAT'ed via 1:1
NAT, then each DMZ server would have a mapped public WAN address, so
all types of IP are a go. Your firewall rules are used to allow/
block traffic as desired. Of course, you need 1 static public IP
address for each 1:1 NAT, for every DMZ server.
> And also all three of my servers in the DMZ cannot ping the same website
> or public IP at the same time.
My guess is this is an outbound NAT issue with non-UDP/TCP data (i.e. no
'port' information). Just like you can't PPTP to the same server on
the WAN from inside via multiple simultaneous clients, it makes sense
that you can't ping from inside via multiple simultaneous clients as well.
NAT can't figure out the return path because of the lack of the
'port' information in the IP packet.
On Aug 22, 2006, at 4:33 AM, Joel Cruz wrote:
> I have a problem with my setup. This is my setup:
> Wan = dhcp
> Lan = 192.168.1.x/24
> DMZ = 192.168.2.x/24
> Mail 192.168.2.a mail server
> DNS 192.168.2.b DNS server
> Proxy 192.168.2.c proxy server
> Server NAT
>   Public IP   Description
>   210.1.x.a   Mail Server
>   210.1.x.b   DNS Server
>   210.1.x.c   Proxy Server
> Inbound NAT
>   If          Proto  Ext.   NAT    Int.   Description
>   210.1.x.a   TCP    SMTP   Mail   SMTP   Mail Server
>   210.1.x.b   TCP    DNS    Dns    DNS    DNS Server
>   210.1.x.c   TCP    8080   Proxy  8080   Proxy Server
> My problem is that I cannot ping all the IPs (from outside, on the WAN)
> that I configured in Server NAT. And also, all three of my servers in the
> DMZ cannot ping the same website or public IP at the same time.
> The IPs in Server NAT cannot see outside the WAN. Is there any
> configuration that I missed?
> Please Help.....
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
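The reply above describes two behaviours: a port-keyed many-to-one NAT (the "outbound NAT" plus "Inbound NAT" port forwards) cannot disambiguate return traffic that carries no port, so two DMZ hosts pinging the same outside address collide and an echo request from the WAN has nothing to map to; a 1:1 NAT gives each host its own public address and so passes any IP protocol in both directions. The following is an added toy model of exactly that reasoning, written for this page and not taken from the thread or from m0n0wall's code; every address, host name and port in it is constructed. One caveat the thread does not mention: NAT implementations that follow RFC 5508 track ICMP echo by rewriting the ICMP Query Identifier much as this model rewrites the source port, so the collision shown here is specific to a NAT that does not track ICMP at all, which is the behaviour the reply describes.

```python
"""Toy model of the two NAT modes discussed in the reply above.

Constructed example, not m0n0wall code. Two inside (DMZ) hosts talk to the
same outside address through (a) a port-keyed many-to-one NAT with static
inbound port forwards and (b) a 1:1 NAT that gives each host its own
public address. All hosts, addresses and ports here are made up.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

WAN_IP = "203.0.113.1"        # firewall's single public address (constructed)
INSIDE_A = "192.168.2.10"     # two DMZ servers (constructed)
INSIDE_B = "192.168.2.11"
PUB_A, PUB_B = "203.0.113.10", "203.0.113.11"   # 1:1 NAT public addresses (constructed)
OUTSIDE = "198.51.100.7"      # the website / public IP being pinged (constructed)


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None  # None for ICMP: there is no port field
    dport: Optional[int] = None


class PortNat:
    """Many-to-one NAT: outbound flows are told apart by a translated source
    port; inbound traffic is accepted only for a tracked flow or a static
    port forward (the "Inbound NAT" rules in the original post)."""

    def __init__(self) -> None:
        self.next_port = 40000
        # (proto, outside host, outside port, translated port) -> (inside host, inside port)
        self.flows: Dict[Tuple, Tuple[str, Optional[int]]] = {}
        # (proto, external port) -> (inside host, inside port)
        self.forwards: Dict[Tuple[str, Optional[int]], Tuple[str, Optional[int]]] = {}

    def add_forward(self, proto: str, ext_port: int, inside: str, inside_port: int) -> None:
        self.forwards[(proto, ext_port)] = (inside, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        tport = None
        if pkt.sport is not None:          # TCP/UDP: fresh port per flow
            tport = self.next_port
            self.next_port += 1
        key = (pkt.proto, pkt.dst, pkt.dport, tport)
        # ICMP from two hosts to the same target yields the same key, so the
        # second mapping silently replaces the first host's return path.
        self.flows[key] = (pkt.src, pkt.sport)
        return Packet(pkt.proto, WAN_IP, pkt.dst, tport, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dport)
        target = self.flows.get(key) or self.forwards.get((pkt.proto, pkt.dport))
        if target is None:
            return None                    # dropped: nothing to translate it to
        inside, inside_port = target
        return replace(pkt, dst=inside, dport=inside_port)


class OneToOneNat:
    """1:1 NAT: a fixed public<->private address pair, protocol-agnostic."""

    def __init__(self, pub_to_priv: Dict[str, str]) -> None:
        self.pub_to_priv = dict(pub_to_priv)
        self.priv_to_pub = {v: k for k, v in pub_to_priv.items()}

    def outbound(self, pkt: Packet) -> Packet:
        return replace(pkt, src=self.priv_to_pub[pkt.src])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        priv = self.pub_to_priv.get(pkt.dst)
        return replace(pkt, dst=priv) if priv else None


def reply_to(out: Packet) -> Packet:
    """The outside host's answer to a translated outbound packet."""
    return Packet(out.proto, out.dst, out.src, out.dport, out.sport)


def two_hosts_through(nat, proto: str, dport: Optional[int]):
    """Both DMZ hosts send to OUTSIDE; return which inside host each reply reaches."""
    sport_a = 50001 if proto != "icmp" else None
    sport_b = 50002 if proto != "icmp" else None
    out_a = nat.outbound(Packet(proto, INSIDE_A, OUTSIDE, sport_a, dport))
    out_b = nat.outbound(Packet(proto, INSIDE_B, OUTSIDE, sport_b, dport))
    back_a = nat.inbound(reply_to(out_a))
    back_b = nat.inbound(reply_to(out_b))
    return (back_a.dst if back_a else None, back_b.dst if back_b else None)


def ping_from_wan(nat, public_ip: str) -> Optional[str]:
    """Echo request from OUTSIDE to a public address: the inside host it reaches, or None."""
    delivered = nat.inbound(Packet("icmp", OUTSIDE, public_ip))
    return delivered.dst if delivered else None


if __name__ == "__main__":
    pat = PortNat()
    pat.add_forward("tcp", 25, INSIDE_A, 25)
    print("port NAT, tcp :", two_hosts_through(pat, "tcp", 80))
    print("port NAT, icmp:", two_hosts_through(PortNat(), "icmp", None))
    print("ping WAN_IP   :", ping_from_wan(PortNat(), WAN_IP))
    o2o = OneToOneNat({PUB_A: INSIDE_A, PUB_B: INSIDE_B})
    print("1:1 NAT, icmp :", two_hosts_through(o2o, "icmp", None))
    print("ping PUB_A    :", ping_from_wan(o2o, PUB_A))
```

With the port-keyed NAT, TCP from both hosts comes back to the right host, but the ICMP case returns the second host's address for both replies and an echo request to the WAN address maps to nothing; the 1:1 NAT delivers both echo replies and the inbound ping correctly, which is the poster's 1:1 suggestion carried through.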