|
||||||||||
you do not need the nat rule. m0no does the nat by itself. you do need the firewall rule. sai On 11/24/06, NHEM Vichika <nhemvichika dot rsa at gmail dot com> wrote: > Hi > I'm one of m0n0wall lover. Now I've got a problem "Host in DMZ zone can not > access the services (ex. http...) in LAN zone". > I've follow your manual but it doesn't work. I have downloaded that m0n0wall > 1.22 and 1.23b1, and I have test both version, it's not work. > Or I miss some instructions. > Here my steps: > > > LAN (192.168.0.0/24)--------(.252)[m0n0wall](.250)-------DMZ ( > 192.168.10.0/24) > | > |--------{Internet} > > client (192.168.10.240) from DMZ can not access HTTP server (apache2, > 192.168.0.199) in LAN zone. > I have add NAT inbound like below: > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > If Proto Ext.port rang NAT > IP Int.port range Description > DMZ TCP 80 (HTTP) > 192.168.0.199 80 (HTTP) Allow http to www Server > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > and also rule in my DMZ interface: > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > Proto Source Port Destination > Port Description > TCP * * 192.168.0.199 > HTTP(80) NAT Allow http to www Server > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Please help me. > best regards, > > NHEM Vichika > > |