 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] how to make this to work
 Date:  Fri, 30 Mar 2007 22:52:27 +0100
Ardit,

In message <460C999B0001E139 at Helios dot mt dot net dot mk>, Ardit Saliu
<muhrem at mt dot net dot mk> writes
>I don't have anything on NAT
>Or I should have something there
>??????
>Please tell me more because I'm new on this

You only need to do this if you have your DMZ bridged with WAN.  Follow
my previous message for further details (contains a full step by step
guide):

http://m0n0.ch/wall/list/showmsg.php?id=308/73

HTH,


                                Neil.

>-----Original Message-----
>From: Neil A. Hillard [mailto:m0n0 at dana dot org dot uk]
>Sent: Friday, March 30, 2007 22:24
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] how to make this to work
>
>Hi,
>

><fredrik dot ostergren at itkontakt dot se> writes
>>
>>Hi!
>>
>>Ping from LAN (nat'd interface) --> Bridged interface (your "dmz" bridged
>>with WAN) is not working with ipnat and bridging.
>>
>>http://doc.m0n0.ch/handbook/faq-bridge.html
>>
>>Best Regards
>>
>>/ Fredrik
>>
>>
>>-----Original Message-----
>>From: Klaus Stock [mailto:ks at stock dash consulting dot com]
>>Sent: den 30 mars 2007 19:54
>>To: m0n0wall at lists dot m0n0 dot ch
>>Subject: Re: [m0n0wall] how to make this to work
>>
>>> But when I ping my domain it shows my ip and
>>>
>>> ping webdbserver.mine.nu
>>>
>>> Pinging webdbserver.mine.nu [62.162.237.220] with 32 bytes of data:
>>>
>>> Request timed out.
>>> Request timed out.
>>> Request timed out.
>>> Request timed out.
>>>
>>> Ping statistics for 62.162.237.220:
>>>     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
>>>
>>> What should I open on m0n0??
>>> I just use this for fun and there is only web I mean 80 and mssql 1433
>>
>>
>>If I understand you correctly, then you'll want to add this rule:
>>
>>Proto Source Port Destination Port Description
>>ICMP  *      *    *           *    Allow PINGs
>>
>>That should allow you to ping your m0n0wall from anywhere in the Internet.
>>
>>Just checked it myself on my 1.23 m0n0wall. I just didn't notice any "fun"
>>in pinging the firewall...?
>>

>
>OK, this WILL work.  You need to use advanced NAT and ensure that any
>packets destined for the WAN / DMZ IP address range are not NATed.
>
>I have this configuration working perfectly here, and it has been for at
>least 18 months!
>
>If you need further information, search the mailing list for my previous
>posts.
>
>HTH,
>
>
>                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk