If I remember right, if you use the OPT interfaces you need to turn on the advanced NAT function so you can specify which interfaces are NAT'ed.

-josh bardt

> There will also need to be a rule on the lan interface that allows traffic
> from the dmz to the lan.
>
>
> -----Original Message-----
> From: Rodman Frowert [mailto:frowertr at i dash 1 dot net]
> Sent: Tuesday, September 07, 2004 11:47 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Unable to ping DMZ hosts from LAN
>
>
> Hey Terry,
>
> Yes the machines (actually they are wireless access points) are set to
> respond to pings. I can ping them through the webgui interface of m0n0 just
> fine. They are also set to use m0n0 as their gateway. They work just fine
> as far as using them for access points for my hotspot. I just can't talk to
> them from my LAN. :-(
>
>> Do the firewalls allow telnet and ICMP?
>
> Well, the only firewall for my LAN device is:
>
> Proto:  Source:   Port:  Destination:  Port:
> *       Lan net   *      *             *
>
> I assume this would allow anything to pass to the DMZ (as well as everywhere
> else) as long as I don't specifically have a rule set for the DMZ interface
> to block LAN requests...
>
> I tried setting up a firewall rule in the DMZ and put it at the top that
> had:
>
> Proto:  Source:   Port:  Destination:  Port:
> *       Lan net   *      DMZ           *
>
> and...
>
> Proto:  Source:   Port:  Destination:  Port:
> *       *         *      *             *
>
> Neither of these had any effect. I still can't talk to any of the AP's in
> my DMZ from my LAN.
>
> Rodman
>
> ----- Original Message -----
> From: "Terry Miller" <terry at millfam dot org>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Tuesday, September 07, 2004 11:18 AM
> Subject: RE: [m0n0wall] Unable to ping DMZ hosts from LAN
>
>
> Is the machine in the dmz set to use monowall as the default gateway and
> respond to pings? Do the firewalls allow telnet and ICMP?
>
> I was just burned on step 1 last week.
>
>
>
> -----Original Message-----
> From: Rodman Frowert [mailto:frowertr at i dash 1 dot net]
> Sent: Tuesday, September 07, 2004 10:34 AM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Unable to ping DMZ hosts from LAN
>
>
> Hey guys,
>
> I looked through the archives and didn't find any answers I thought would be
> beneficial to me so I thought I would ask. I can't seem to ping anything in
> the DMZ (other than my m0n0 DMZ interface) from my LAN. Now I can ping DMZ
> hosts from the m0n0 GUI, however.
>
> Is there something that is set that is preventing me from talking to DMZ
> hosts from my LAN? I only have one LAN rule and it is the default rule that
> was enabled when m0n0 was installed: Default LAN --> any. The DMZ rules I
> have set apply to what can come out of the DMZ only because this is my
> hotspot.
>
> I would like to eventually put a webserver in my DMZ, so you can imagine I
> at least need telnet access to the machine from my LAN.
>
> My LAN is 192.168.1.x/24
> My DMZ is 10.10.10.x/24
>
> What am I missing? Am I going to have to bridge these two to do what I want
> to do?
>
> Rodman
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch