Chris is correct. You don't need static routes on directly connected networks; the router implicitly knows the networks it's attached to. The problem is in your firewall rules.

(K)

----- Original Message -----
From: "Chris Buechler" <cbuechler at gmail dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, September 08, 2004 3:40 PM
Subject: Re: [m0n0wall] Unable to ping DMZ hosts from LAN

> On Wed, 8 Sep 2004 08:59:17 -0500, Rodman Frowert <frowertr at i dash 1 dot net>
> wrote:
>> Actually, it makes perfect sense. I just can't get it to work. Here
>> is what I have setup:
>>
>> Static route:
>> Interface  Network        Gateway      Description
>> LAN        10.10.10.0/24  192.168.1.1
>>
>> Remember, my Lan is on 192.168.1.0/24 with the m0n0 LAN interface on
>> 192.168.1.1
>> &
>> My DMZ is on 10.10.10.0/24 with the DMZ interface on 10.10.10.1
>>
>> I put a rule at the top of my DMZ that says:
>>
>> Proto  Source   Port  Destination  Port  Description
>> *      LAN Net  *     DMZ          *     *
>>
>> This should allow any traffic into the DMZ from the LAN, correct?
>>
>
> I just set up a DMZ interface, and the only thing I had to change from
> the defaults to allow LAN hosts to ping DMZ hosts is to change the
> protocol on the default rule for the interface from TCP to any.
>
> Take out your static routes, as they're unnecessary. One of them is
> not set up right, and you've created a routing loop. (hence the TTL
> expired)
>
> Might be easier to reset factory and start from scratch, depending on
> what else you have configured - the only thing you need to change is
> the protocol on the rule I mentioned above.
>
> -Chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
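
A check for the misconfiguration discussed in this thread, as an added example that is not part of the original messages: it flags static routes whose destination is already directly connected or whose gateway is one of the router's own addresses. The function name and data layout are assumptions for illustration, not m0n0wall's configuration format; the addresses are the ones quoted in the thread.

```python
import ipaddress

# Interface addressing as described in the thread.
INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),
    "DMZ": ipaddress.ip_interface("10.10.10.1/24"),
}

# The static route quoted in the thread: (interface, network, gateway).
STATIC_ROUTES = [("LAN", "10.10.10.0/24", "192.168.1.1")]


def audit_static_routes(interfaces, routes):
    """Return (route, finding) tuples for redundant or self-referential routes."""
    findings = []
    own_addresses = {iface.ip for iface in interfaces.values()}
    for route in routes:
        if_name, network, gateway = route
        dest = ipaddress.ip_network(network)
        gw = ipaddress.ip_address(gateway)
        # A connected network never needs a static route; adding one can
        # override the correct connected route and misdirect traffic.
        for name, iface in interfaces.items():
            if dest.overlaps(iface.network):
                findings.append(
                    (route, f"destination {dest} is directly connected on {name}"))
        # A next hop must be another device on the link, not the router itself.
        if gw in own_addresses:
            findings.append((route, f"gateway {gw} is the router's own address"))
        elif gw not in interfaces[if_name].network:
            findings.append((route, f"gateway {gw} is not on-link for {if_name}"))
    return findings


if __name__ == "__main__":
    for route, finding in audit_static_routes(INTERFACES, STATIC_ROUTES):
        print(route, "->", finding)
```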