 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Rodman Frowert <frowertr at i dash 1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Thu, 9 Sep 2004 00:42:19 -0400
On Wed, 8 Sep 2004 20:41:53 -0500, Rodman Frowert <frowertr at i dash 1 dot net> wrote:
> What default rule are you speaking of, Chris?  The only default rule I
> remember seeing when I installed M0n0 was a rule for the LAN interface that
> allowed any traffic originating from the LAN to go anywhere.  I don't
> remember seeing a rule for the OPT1 (DMZ) interface.

Ah, I must have put that rule there myself at some point, now that
I've done some further testing.  Sorry to mislead.

Just add a rule to the DMZ interface allowing all from any to any. 
You should then be able to ping from LAN->DMZ and vice versa.

After you get that working, then I would strongly recommend turning
the rule so your DMZ hosts cannot initiate connections into your LAN
(one of the main purposes of a DMZ).

> Resetting isn't really a big deal.  I will just have to dig out that monitor
> again as I am running it headless right now.

If you take out the routes, everything might just work, and you need
not reset it.  If that doesn't fix it, that's what I'd do.  Get a
fresh start, sometimes that's much easier than fixing what's there.