 From:  "Rodman Frowert" <frowertr at i dash 1 dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Wed, 8 Sep 2004 20:41:53 -0500
Chris wrote:


> I just set up a DMZ interface, and the only thing I had to change from
> the defaults to allow LAN hosts to ping DMZ hosts is to change the
> protocol on the default rule for the interface from TCP to any.
>
> Take out your static routes, as they're unnecessary.  One of them is
> not set up right, and you've created a routing loop.  (hence the TTL
> expired)
>
> Might be easier to reset factory and start from scratch, depending on
> what else you have configured - the only thing you need to change is
> the protocol on the rule I mentioned above.
>
> -Chris

What default rule are you speaking of, Chris?  The only default rule I
remember seeing when I installed M0n0 was a rule for the LAN interface that
allowed any traffic originating from the LAN to go anywhere.  I don't
remember seeing a rule for the OPT1 (DMZ) interface.

I'll take out the static route...

Resetting isn't really a big deal.  I will just have to dig out that monitor
again as I am running it headless right now.

Rodman