 From:  "jan gestre" <m0n0wall dot list at gmail dot com>
 To:  "Max Cristin" <max dot cristin at rogers dot com>
 Cc:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] DNS forwarder and DMZ
 Date:  Fri, 6 Oct 2006 14:11:45 +0800
On 10/5/06, Max Cristin <max dot cristin at rogers dot com> wrote:
>
> I have a LAN (192.168.1.0/24) and DMZ (192.168.3.0/24). I'm using
> Monowall both as a DHCP and DNS forwarder and have the "Register DHCP
> leases in DNS forwarder" enabled.
>
> Hosts on both LAN and DMZ can resolve names on the internet. Hosts on the
> LAN can also resolve internal names on LAN and DMZ, but hosts on the DMZ
> cannot resolve any LAN names, but only internet names.
>
> To get around it I had to manually add the names and IPs of LAN hosts
> to the hosts.conf on the servers in the DMZ.
>
> Is this behavior normal? If not, how do I get around it without editing
> the hosts file? Thanks.
>
> Max

That's the default behavior of monowall or any other firewall for that
matter. Your DMZ traffic to LAN is blocked by default. The reason for this
is simple: it's because if for any reason your DMZ gets compromised, your LAN
will still be protected by your firewall.



HTH