[ previous ] [ next ] [ threads ]
 
 From:  "Rodman Frowert" <frowertr at i dash 1 dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Tue, 7 Sep 2004 11:46:49 -0500
Hey Terry,

Yes the machines (actually they are wireless access points) are set to 
respond to pings.  I can ping them through the webgui interface of m0n0 just 
fine.  They are also set to use m0n0 as their gateway.  They work just fine 
as far as using them for access points for my hotspot.  I just can't talk to 
them from my LAN. :-(

>Do the firewalls allow telnet and ICMP?

Well, they only firewall for my LAN device is:

Proto:    Source:    Port:    Destination:    Port:
*            Lan net       *       *                    *

I assume this would allow anything to pass to the DMZ (as well as everywhere 
else) as long as I don't specifically have a rule set for the DMZ interface 
to block LAN requests...

I tried setting up a firewall rule in the DMZ and put it at the top that 
had:

Proto:    Source:    Port:    Destination:    Port:
*            Lan net       *       DMZ            *

and...

Proto:    Source:    Port:    Destination:    Port:
*            *             *         *                    *

Neither of these had any effect.  I still can't talk to any of the AP's in 
my DMZ from my LAN.

Rodman

----- Original Message ----- 
From: "Terry Miller" <terry at millfam dot org>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, September 07, 2004 11:18 AM
Subject: RE: [m0n0wall] Unable to ping DMZ hosts from LAN


Is the machine in the dmz set to use monowall as the default gateway and
respond to pings?
Do the firewalls allow telnet and ICMP?

I was just burned on step 1 last week.



-----Original Message-----
From: Rodman Frowert [mailto:frowertr at i dash 1 dot net]
Sent: Tuesday, September 07, 2004 10:34 AM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Unable to ping DMZ hosts from LAN


Hey guys,

I looked through the archives and didn't find any answers I thought would be

beneficial to me so I thought I would ask.  I can't seem to ping anything in

the DMZ (other than my m0n0 DMZ interface) from my LAN.  Now I can ping DMZ
hosts from the m0n0 GUI, however.

Is there something that is set that is preventing me from talking to DMZ
hosts from my LAN?  I only have one LAN rule and it is the default rule that

was enabled with m0n0 was installed:  Default LAN --> any.  The DMZ rules I
have set apply to what can come out of the DMZ only because this is my
hotspot.

I would like to eventually put a webserver in my DMZ, so you can imagine I
at least need telnet access to the machine from my LAN.

My LAN is 192.168.1.x/24
My DMZ is 10.10.10.x/24

What am I missing?  Am I going to have to bridge these two to do what I want

to do?

Rodman





---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch




---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch