 
 From:  zealot <zealot at tradersguild dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Tue, 07 Sep 2004 12:07:24 -0500
Rodman Frowert wrote:

> Hello Chet,
> 
> The default rule for my LAN currently is this:
> 
> Proto:    Source:    Port:    Destination:    Port:
> *         Lan net    *        *               *
> 
> Since I have the destination set to "any" it should allow access to the 
> DMZ, correct?  I did try this to the LAN as well:
> 
> Proto:    Source:    Port:    Destination:    Port:
> *         Lan net    *        DMZ             *
> 
> But that had no effect.  I looked in the static route config, but got a 
> little confused.  Hmmm....
> 
> Rodman
> 
> 
> ----- Original Message -----
> From: "Chet Harvey" <chet at pittech dot com>
> To: "Rodman Frowert" <frowertr at i dash 1 dot net>
> Cc: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Tuesday, September 07, 2004 11:17 AM
> Subject: Re: [m0n0wall] Unable to ping DMZ hosts from LAN
> 
> 
>> You will have to add an allow rule from LAN to DMZ. The default LAN > any is to
>> the WAN interface. (Going from memory here since I don't have a m0n0 in front of
>> me.)
>>
>> May need to add a static route too.
>>
>> Chet Harvey
>> Pitbull Technologies <http://www.pittech.com/>
>> Protecting your Digital Assets
>> 703.407.7311
>>
>>
>> Quoting Rodman Frowert <frowertr at i dash 1 dot net>:
>>
>>> Hey guys,
>>>
>>> I looked through the archives and didn't find any answers I thought would be
>>> beneficial to me so I thought I would ask.  I can't seem to ping anything in
>>> the DMZ (other than my m0n0 DMZ interface) from my LAN.  Now I can ping DMZ
>>> hosts from the m0n0 GUI, however.
>>>
>>> Is there something that is set that is preventing me from talking to DMZ
>>> hosts from my LAN?  I only have one LAN rule and it is the default rule that
>>> was enabled when m0n0 was installed:  Default LAN --> any.  The DMZ rules I
>>> have set apply to what can come out of the DMZ only because this is my
>>> hotspot.
>>>
>>> I would like to eventually put a webserver in my DMZ, so you can imagine I
>>> at least need telnet access to the machine from my LAN.
>>>
>>> My LAN is 192.168.1.x/24
>>> My DMZ is 10.10.10.x/24
>>>
>>> What am I missing?  Am I going to have to bridge these two to do what I want
>>> to do?
>>>
>>> Rodman

Does the following rule exist? If not, try adding it. Afterwards, test 
pinging from LAN to DMZ. Does it work?

Proto:    Source:    Port:    Destination:    Port:
ICMP      DMZ net    *        LAN net         *

z