On 10/5/06, Max Cristin <max dot cristin at rogers dot com> wrote:
> I have a LAN (192.168.1.0/24) and DMZ (192.168.3.0/24). I'm using
> Monowall both as a DHCP and DNS forwarder and have the "Register DHCP
> leases in DNS forwarder" enabled.
> Hosts on both LAN and DMZ can resolve names on internet. Hosts on the
> LAN can also resolve internal names on LAN and DMZ, but hosts on the DMZ
> cannot resolve any LAN names, but only internet names.
> To get around it I had to manually add the names and IPs of LAN hosts
> to the hosts.conf on the servers in the DMZ.
> Is this behavior normal? If not, how do I get around it without editing
> the hosts file? Thanks.
>
> That's the default behavior of Monowall, or any other firewall for that
> matter. Your DMZ traffic to LAN is blocked by default. The reason for this
> is simple: it's because if for any reason your DMZ gets compromised, your LAN
> will still be protected by your firewall.