 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] how to make this to work
 Date:  Fri, 30 Mar 2007 21:24:19 +0100
Hi,


<fredrik dot ostergren at itkontakt dot se> writes
>
>Hi!
>
>Ping from LAN (nat'd interface) --> Bridged interface (your "dmz" bridged
>with WAN) is not working with ipnat and bridging.
>
>http://doc.m0n0.ch/handbook/faq-bridge.html
>
>Best Regards
>
>/ Fredrik
>
>
>-----Original Message-----
>From: Klaus Stock [mailto:ks at stock dash consulting dot com]
>Sent: den 30 mars 2007 19:54
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] how to make this to work
>
>> But when I ping my domain it shows my ip and
>>
>> ping webdbserver.mine.nu
>>
>> Pinging webdbserver.mine.nu [62.162.237.220] with 32 bytes of data:
>>
>> Request timed out.
>> Request timed out.
>> Request timed out.
>> Request timed out.
>>
>> Ping statistics for 62.162.237.220:
>>     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
>>
>> What should I open on m0n0??
>> I just use this for fun and there is only web I mean 80 and mssql 1433
>
>
>If I understand you correctly, then you'll want to add this rule:
>
>Proto Source Port Destination Port Description
>ICMP  *      *    *           *    Allow PINGs
>
>That should allow you to ping your m0n0wall from anywhere in the Internet.
>
>Just checked it myself on my 1.23 m0n0wall. I just didn't notice any "fun"
>in pinging the firewall...?
>


OK, this WILL work.  You need to use advanced NAT and ensure that any
packets destined for the WAN / DMZ IP address range are not NATed.

I have this configuration working perfectly here, and it has been for at
least 18 months!

If you need further information, search the mailing list for my previous
posts.

HTH,


                                Neil.
-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk