Remove the source ports. Your rules should be more like:

Proto    Source   Port  Destination  Port
TCP/UDP  LAN net  *     *            53 (DNS)
TCP      LAN net  *     *            80 (HTTP)
TCP      LAN net  *     *            110 (POP3)

From the client end of the connection (source) the port will be random; the server (destination) is listening on a set port.

You may also want to add port 443 for https to work.

_________________________________
James W. McKeand

-----Original Message-----
From: kashif yaqoob [mailto:mkyaqoob2002 at yahoo dot com]
Sent: Thursday, August 19, 2004 4:47 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] help m0n0 wall rules

Dear sir,

I have setup m0n0 Wall and to access the internet I have the following rule.

LAN interface

Proto    Source   Port  Destination  Port
TCP/UDP  LAN net  *     *            *

This rule (above) works and allows me access to the internet.

Now I want to make the LAN secure and only allow DNS, HTTP and POP access from the LAN to the WAN. So I delete the above rule and add the following rules.

Proto    Source   Port        Destination  Port
TCP/UDP  LAN net  53 (DNS)    *            53 (DNS)
TCP      LAN net  80 (HTTP)   *            80 (HTTP)
TCP      LAN net  110 (POP3)  *            110 (POP3)

If I only have these 3 rules then I cannot access the internet (no HTTP access, no DNS, no POP access).

What is the mistake I am making? Can someone give me a set of rules for simple access to the internet for a small office please?

Best Regards,
Kashif
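Added example, not part of the original thread and not m0n0wall code: a small Python model of the rule matching discussed above, run against constructed LAN-to-WAN flows whose source ports are ephemeral. The `Rule` type, the helper names, the sample port numbers and the default-deny behaviour when no rule matches are assumptions made for illustration; source and destination addresses are omitted because every rule uses "LAN net" and "*".

```python
from dataclasses import dataclass

ANY = None  # "*" in the rule table


@dataclass(frozen=True)
class Rule:
    protos: frozenset  # protocols the rule covers, e.g. {"tcp", "udp"}
    src_port: object   # int, or ANY
    dst_port: object   # int, or ANY


def rule(protos, src_port, dst_port):
    return Rule(frozenset(protos.lower().split("/")), src_port, dst_port)


def allowed(rules, proto, src_port, dst_port):
    """Pass if any rule matches; assumed default deny when none does."""
    return any(
        proto in r.protos
        and r.src_port in (ANY, src_port)
        and r.dst_port in (ANY, dst_port)
        for r in rules
    )


# Rules as posted in the question: source port pinned to the service port.
POSTED = [rule("TCP/UDP", 53, 53), rule("TCP", 80, 80), rule("TCP", 110, 110)]
# Rules from the reply: any source port, fixed destination port.
FIXED = [rule("TCP/UDP", ANY, 53), rule("TCP", ANY, 80), rule("TCP", ANY, 110)]
# Reply's optional addition for HTTPS.
FIXED_HTTPS = FIXED + [rule("TCP", ANY, 443)]

# Constructed LAN-to-WAN flows: (proto, client source port, server port).
FLOWS = [
    ("udp", 49731, 53),   # DNS query
    ("tcp", 51514, 80),   # HTTP
    ("tcp", 52044, 110),  # POP3
    ("tcp", 50122, 443),  # HTTPS
    ("tcp", 50999, 25),   # SMTP, not permitted by any rule set
]


def evaluate(rules):
    return {flow: allowed(rules, *flow) for flow in FLOWS}


if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("fixed", FIXED), ("fixed+443", FIXED_HTTPS)):
        print(name, [f"{p}/{d}" for (p, s, d), ok in evaluate(rs).items() if ok])
```

The posted rule set passes none of the flows because no client picks 53, 80 or 110 as its source port, while the corrected sets still drop everything not explicitly listed.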