 From:  "Rodman Frowert" <frowertr at i dash 1 dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Tue, 7 Sep 2004 11:54:01 -0500
Hello Chet,

The default rule for my LAN currently is this:

Proto:    Source:     Port:    Destination:    Port:
*         LAN net     *        *               *

Since I have the destination set to "any" it should allow access to the DMZ, 
correct?  I did try this to the LAN as well:

Proto:    Source:     Port:    Destination:    Port:
*         LAN net     *        DMZ             *

But that had no effect.  I looked in the static route config, but got a 
little confused.  Hmmm....

Rodman


----- Original Message ----- 
From: "Chet Harvey" <chet at pittech dot com>
To: "Rodman Frowert" <frowertr at i dash 1 dot net>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, September 07, 2004 11:17 AM
Subject: Re: [m0n0wall] Unable to ping DMZ hosts from LAN


> You will have to add an allow rule from LAN to DMZ. The default LAN > any is to
> the WAN interface. (Going from memory here since I don't have a m0n0 in front
> of me.)
>
> May need to add a static route too.
>
> Chet Harvey
> Pitbull Technologies <http://www.pittech.com/>
> Protecting your Digital Assets
> 703.407.7311
>
>
> Quoting Rodman Frowert <frowertr at i dash 1 dot net>:
>
>> Hey guys,
>>
>> I looked through the archives and didn't find any answers I thought would be
>> beneficial to me so I thought I would ask.  I can't seem to ping anything in
>> the DMZ (other than my m0n0 DMZ interface) from my LAN.  Now I can ping DMZ
>> hosts from the m0n0 GUI, however.
>>
>> Is there something that is set that is preventing me from talking to DMZ
>> hosts from my LAN?  I only have one LAN rule and it is the default rule that
>> was enabled when m0n0 was installed:  Default LAN --> any.  The DMZ rules I
>> have set apply to what can come out of the DMZ only because this is my
>> hotspot.
>>
>> I would like to eventually put a webserver in my DMZ, so you can imagine I
>> at least need telnet access to the machine from my LAN.
>>
>> My LAN is 192.168.1.x/24
>> My DMZ is 10.10.10.x/24
>>
>> What am I missing?  Am I going to have to bridge these two to do what I want
>> to do?
>>
>> Rodman
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch