On 13.04.2004 13:24 -0400, David Kitchens wrote:

> 192.168.200.3. Now the problem, the mail server in DMZ cannot be
> pinged from LAN, it will not ping anything in the LAN or on the
> web. It cannot get out and nothing can get in to it. I tried

Don't forget that (ideally) DMZ hosts should not be able to access
anything in the LAN subnet.

> <descr>Default LAN -> any</descr>

Hmm, a pass rule on interface OPT1, but with source "LAN subnet"?
That doesn't make sense - you'll probably want this rule to be
"source = DMZ subnet" and "destination = not LAN subnet".

Also, that static route for 192.168.100.0/24 doesn't make sense
either if that subnet is on the OPT1 interface. You don't need it.