 
 From:  sai <sonicsai at gmail dot com>
 To:  "NHEM Vichika" <nhemvichika dot rsa at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Host in DMZ cannot use service at LAN.
 Date:  Mon, 27 Nov 2006 21:28:58 +0500

You do not need the NAT rule. m0no does the NAT by itself. You do need
the firewall rule.

sai

On 11/24/06, NHEM Vichika <nhemvichika dot rsa at gmail dot com> wrote:
> Hi
> I'm a m0n0wall lover. Now I've got a problem: "Host in DMZ zone cannot
> access the services (ex. http...) in LAN zone".
> I've followed your manual but it doesn't work. I have downloaded m0n0wall
> 1.22 and 1.23b1, and I have tested both versions; it does not work.
> Or I am missing some instructions.
> Here are my steps:
>
>
> LAN (192.168.0.0/24)--------(.252)[m0n0wall](.250)-------DMZ (192.168.10.0/24)
>                                                         |
>                                                         |--------{Internet}
>
> Client (192.168.10.240) from DMZ cannot access HTTP server (apache2,
> 192.168.0.199) in LAN zone.
> I have added an inbound NAT rule like below:
>
> ------------------------------------------------------------------------------------------
> If    Proto   Ext. port range   NAT IP          Int. port range   Description
> DMZ   TCP     80 (HTTP)         192.168.0.199   80 (HTTP)         Allow http to www Server
> ------------------------------------------------------------------------------------------
>
> and also rule in my DMZ interface:
>
> ----------------------------------------------------------------------------------
> Proto   Source   Port   Destination     Port       Description
> TCP     *        *      192.168.0.199   HTTP(80)   NAT Allow http to www Server
> ----------------------------------------------------------------------------------
>
> Please help me.
> best regards,
>
> NHEM Vichika
>
>