 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Rodman Frowert <frowertr at i dash 1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Thu, 9 Sep 2004 00:42:19 -0400
On Wed, 8 Sep 2004 20:41:53 -0500, Rodman Frowert <frowertr at i dash 1 dot net> wrote:
> What default rule are you speaking of, Chris?  The only default rule I
> remember seeing when I installed M0n0 was a rule for the LAN interface that
> allowed any traffic originating from the LAN to go anywhere.  I don't
> remember seeing a rule for the OPT1 (DMZ) interface.
> 

Ah, I must have put that rule there myself at some point, now that
I've done some further testing.  Sorry to mislead.

Just add a rule to the DMZ interface allowing all from any to any. 
You should then be able to ping from LAN->DMZ and vice versa.

After you get that working, then I would strongly recommend turning
the rule so your DMZ hosts cannot initiate connections into your LAN
(one of the main purposes of a DMZ).


> Resetting isn't really a big deal.  I will just have to dig out that monitor
> again as I am running it headless right now.
> 

If you take out the routes, everything might just work, and you need
not reset it.  If that doesn't fix it, that's what I'd do.  Get a
fresh start, sometimes that's much easier than fixing what's there. 
:)

-Chris
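
As an added illustration (not part of the original message and not m0n0wall's own code), this simplified Python model of per-interface, first-match, stateful filtering compares the "allow all from any to any" DMZ rule with a tightened rule set that stops DMZ hosts from initiating connections into the LAN. The subnets, host addresses, interface names and the evaluation model itself are assumptions made for the example.

```python
import ipaddress

# Constructed addressing for illustration; not taken from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules are (action, source_net, destination_net), checked in order.
LAN_RULES = [("pass", LAN_NET, ANY)]      # default LAN rule described in the thread
DMZ_OPEN = [("pass", ANY, ANY)]           # "allow all from any to any"
DMZ_TIGHT = [("block", ANY, LAN_NET),     # DMZ may not initiate into the LAN
             ("pass", ANY, ANY)]          # everything else is still allowed


class Firewall:
    """Assumed model: first match wins, default deny, stateful replies."""

    def __init__(self, rules_by_iface):
        self.rules = rules_by_iface
        self.states = set()  # (initiator, responder) pairs already passed

    def allows(self, iface, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (dst, src) in self.states:     # reply to a flow already passed
            return True
        for action, src_net, dst_net in self.rules.get(iface, []):
            if src in src_net and dst in dst_net:
                if action == "pass":
                    self.states.add((src, dst))
                return action == "pass"
        return False                      # no rule matched


def check(dmz_rules):
    """Return (LAN->DMZ ping is answered, DMZ host can initiate into LAN)."""
    lan_host, dmz_host = "192.168.1.10", "192.168.2.10"
    fw = Firewall({"lan": LAN_RULES, "dmz": dmz_rules})
    request = fw.allows("lan", lan_host, dmz_host)
    reply = request and fw.allows("dmz", dmz_host, lan_host)
    # A fresh firewall has no state, so this is a DMZ-initiated connection.
    fresh = Firewall({"lan": LAN_RULES, "dmz": dmz_rules})
    return reply, fresh.allows("dmz", dmz_host, lan_host)
```

In this model both rule sets let a LAN-initiated ping complete, but only the tightened set refuses a connection that starts from the DMZ host.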