I set that exact rule in my DMZ. I think my problem is with static routing.
I really don't know what I am doing in there. Am I telling m0n0 that when I
want to go to "x" network, it needs to use "y" router to get there? So, for
interface on the Static Routing page, I would select LAN, correct? Then I get
lost when it asks for the destination network. Right now, my DMZ is set up as
follows:

m0n0 OPT1 interface - 10.10.10.1
switch - 10.10.10.2
access point 1 - 10.10.10.3
access point 2 - 10.10.10.4

What would I put for destination network? For the gateway I am pretty sure I
just give it my OPT1 interface, which is 10.10.10.1.

Thanks for all your continued help guys!

Rodman

----- Original Message -----
From: "Chet Harvey" <chet at pittech dot com>
To: "Terry Miller" <terry at millfam dot org>
Cc: "'Rodman Frowert'" <frowertr at i dash 1 dot net>; <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, September 07, 2004 2:19 PM
Subject: RE: [m0n0wall] Unable to ping DMZ hosts from LAN

> mmmm I don't agree with this as it would defeat the purpose of a DMZ. You
> should be able to simply add a rule to allow all LAN traffic to the DMZ. You
> will need a static route from the LAN to the DMZ since they are on different
> networks. That should cover it. You would never want to allow any traffic from
> the DMZ to your LAN unless it was for a specific reason.
>
> I have a net4521 with one wifi card for internal use (LAN) and the second as
> the captive portal in "DMZ" mode. I also have the second NIC as a server DMZ.
>
> I have one rule for each DMZ:
>
> Proto:  Source:  Port:  Destination:  Port:
> *       Lan      *      Opt2          *
>
> I also have a static route for LAN > DMZ
>
> wish I could see my box from here so I could give a SS.
>
> Chet Harvey
> Pitbull Technologies <http://www.pittech.com/>
> Protecting your Digital Assets
> 703.407.7311
>
> Quoting Terry Miller <terry at millfam dot org>:
>
>> There will also need to be a rule on the lan interface that allows traffic
>> from the dmz to the lan.
>>
>> -----Original Message-----
>> From: Rodman Frowert [mailto:frowertr at i dash 1 dot net]
>> Sent: Tuesday, September 07, 2004 11:47 AM
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: Re: [m0n0wall] Unable to ping DMZ hosts from LAN
>>
>> Hey Terry,
>>
>> Yes the machines (actually they are wireless access points) are set to
>> respond to pings. I can ping them through the webgui interface of m0n0 just
>> fine. They are also set to use m0n0 as their gateway. They work just fine
>> as far as using them for access points for my hotspot. I just can't talk to
>> them from my LAN. :-(
>>
>> > Do the firewalls allow telnet and ICMP?
>>
>> Well, the only firewall rule for my LAN device is:
>>
>> Proto:  Source:   Port:  Destination:  Port:
>> *       Lan net   *      *             *
>>
>> I assume this would allow anything to pass to the DMZ (as well as everywhere
>> else) as long as I don't specifically have a rule set for the DMZ interface
>> to block LAN requests...
>>
>> I tried setting up a firewall rule in the DMZ and put it at the top that had:
>>
>> Proto:  Source:   Port:  Destination:  Port:
>> *       Lan net   *      DMZ           *
>>
>> and...
>>
>> Proto:  Source:   Port:  Destination:  Port:
>> *       *         *      *             *
>>
>> Neither of these had any effect. I still can't talk to any of the APs in
>> my DMZ from my LAN.
>>
>> Rodman
>>
>> ----- Original Message -----
>> From: "Terry Miller" <terry at millfam dot org>
>> To: <m0n0wall at lists dot m0n0 dot ch>
>> Sent: Tuesday, September 07, 2004 11:18 AM
>> Subject: RE: [m0n0wall] Unable to ping DMZ hosts from LAN
>>
>> Is the machine in the dmz set to use monowall as the default gateway and
>> respond to pings? Do the firewalls allow telnet and ICMP?
>>
>> I was just burned on step 1 last week.
>>
>> -----Original Message-----
>> From: Rodman Frowert [mailto:frowertr at i dash 1 dot net]
>> Sent: Tuesday, September 07, 2004 10:34 AM
>> Cc: m0n0wall at lists dot m0n0 dot ch
>> Subject: [m0n0wall] Unable to ping DMZ hosts from LAN
>>
>> Hey guys,
>>
>> I looked through the archives and didn't find any answers I thought would be
>> beneficial to me so I thought I would ask. I can't seem to ping anything in
>> the DMZ (other than my m0n0 DMZ interface) from my LAN. Now I can ping DMZ
>> hosts from the m0n0 GUI, however.
>>
>> Is there something that is set that is preventing me from talking to DMZ
>> hosts from my LAN? I only have one LAN rule and it is the default rule that
>> was enabled when m0n0 was installed: Default LAN --> any. The DMZ rules I
>> have set apply to what can come out of the DMZ only because this is my
>> hotspot.
>>
>> I would like to eventually put a webserver in my DMZ, so you can imagine I
>> at least need telnet access to the machine from my LAN.
>>
>> My LAN is 192.168.1.x/24
>> My DMZ is 10.10.10.x/24
>>
>> What am I missing? Am I going to have to bridge these two to do what I want
>> to do?
>>
>> Rodman
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
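Added example, not from the thread and not m0n0wall's own code: a small Python model of the two points the thread goes back and forth on, using the subnets quoted above. m0n0wall, like the pf filter underneath it, evaluates the rules on an interface tab against traffic entering that interface with first match winning, and a router needs no static route for a network directly attached to one of its interfaces; the LAN host 192.168.1.50 and the rule set below are constructed from the thread's own tables.

```python
import ipaddress

# Constructed from the thread: LAN 192.168.1.0/24, DMZ on OPT1 10.10.10.0/24.
INTERFACES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "OPT1": ipaddress.ip_network("10.10.10.0/24"),
}

# Rules as m0n0wall lists them (Proto / Source / Destination), tagged with the
# interface tab they sit on. "*" matches anything, an interface name means that
# interface's subnet ("Lan net", "DMZ"), and the first matching rule wins.
RULES = [
    {"iface": "LAN",  "proto": "*", "src": "LAN", "dst": "*",    "action": "pass"},  # Default LAN -> any
    {"iface": "OPT1", "proto": "*", "src": "LAN", "dst": "OPT1", "action": "pass"},  # rule tried on the DMZ tab
]

def _matches(spec, ip):
    if spec == "*":
        return True
    net = INTERFACES[spec] if spec in INTERFACES else ipaddress.ip_network(spec)
    return ip in net

def ingress_interface(src):
    """A packet enters the firewall on the interface whose subnet holds its source."""
    s = ipaddress.ip_address(src)
    return next((n for n, net in INTERFACES.items() if s in net), None)

def first_match(proto, src, dst, rules=RULES):
    """First rule on the ingress interface that matches, or None (implicit deny)."""
    iface = ingress_interface(src)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["iface"] == iface and r["proto"] in ("*", proto) \
                and _matches(r["src"], s) and _matches(r["dst"], d):
            return r
    return None

def route_lookup(dst, static_routes=()):
    """Longest-prefix match over connected networks plus (network, iface, gateway)
    static routes; gateway None means the destination is directly attached.
    Connected entries are listed first, so they win a tie on prefix length."""
    d = ipaddress.ip_address(dst)
    cands = [(net.prefixlen, n, None) for n, net in INTERFACES.items() if d in net]
    for net, n, gw in static_routes:
        net = ipaddress.ip_network(net)
        if d in net:
            cands.append((net.prefixlen, n, gw))
    if not cands:
        return None
    best = max(cands, key=lambda c: c[0])
    return best[1], best[2]
```

For the thread's case, a ping from 192.168.1.50 to access point 1 at 10.10.10.3 matches the default LAN rule, while the DMZ-tab rule with source "Lan net" is never consulted for LAN-originated traffic because that traffic does not enter on OPT1. The route lookup returns OPT1 with no gateway, which is why a static route entry is not needed for a network the box is directly attached to.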