Andreas wrote:
----- Original Message -----
From: "Andreas Busch" <monomailing at linuxfriends dot org>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, September 10, 2004 9:35 AM
Subject: [m0n0wall] Firewall and Routing Problem between Lan and DMZ
>I have a Wrap Box with 3 NICs
>
> 1. Lan 1 192.168.200.254
> 2. DMZ 192.168.1.254
> 3. WAN dynamic IP
>
> Now I want to block all traffic between
> both networks, LAN and DMZ.
> LAN and DMZ have only to see the WAN, nothing else.
> I have tested many different config settings
> but it didn't work.
>
> What is the right way to block the traffic?
>
> thanks for your assistance
>
> Andreas Busch
Was your DMZ set up as OPT1 during setup and was your LAN set up as the LAN
interface during setup? If so, then by default, m0n0 will block all
traffic to your LAN from the DMZ. You don't have to do anything for this.
To block all traffic from going from your LAN to your DMZ, you simply need
to edit the default LAN rule to say that any traffic from LAN to a
destination of NOT DMZ with any port. It looks like this in the rule table:
Proto   Source   Port   Destination   Port
*       LAN      *      ! DMZ         *
Just make sure you have the NOT DMZ in there and that should take care of
it.
Rodman
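
The rule described in the reply above can be checked with a small model. This is an added example, not part of the original thread and not m0n0wall code. It assumes /24 masks for both networks, pass rules evaluated on the interface where traffic enters with everything else blocked, and constructed host addresses; stateful return traffic is not modeled.

```python
import ipaddress

# Interface addresses come from the post; the /24 masks are an assumption.
NETS = {
    "LAN": ipaddress.ip_network("192.168.200.0/24"),
    "DMZ": ipaddress.ip_network("192.168.1.0/24"),
}

def matches(spec, addr):
    """spec is '*', 'NAME' or '! NAME', as written in the rule table."""
    if spec == "*":
        return True
    negate = spec.startswith("!")
    name = spec.lstrip("! ").strip()
    inside = ipaddress.ip_address(addr) in NETS[name]
    return inside != negate  # a negated spec matches everything outside NAME

def decide(rules, in_iface, src, dst):
    """First matching pass rule on the ingress interface wins; else block."""
    for source, destination in rules.get(in_iface, []):
        if matches(source, src) and matches(destination, dst):
            return "pass"
    return "block"

# Each entry is (source, destination); protocol and ports are '*' throughout.
DEFAULT_LAN = {"LAN": [("LAN", "*")]}      # default LAN rule: LAN -> any
EDITED_LAN = {"LAN": [("LAN", "! DMZ")]}   # rule from the reply; DMZ has no rules

def check_flows(rules):
    # Constructed sample hosts: one per network plus one Internet address.
    flows = {
        "LAN->Internet": ("LAN", "192.168.200.10", "198.51.100.7"),
        "LAN->DMZ": ("LAN", "192.168.200.10", "192.168.1.20"),
        "DMZ->LAN": ("DMZ", "192.168.1.20", "192.168.200.10"),
    }
    return {name: decide(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for label, rules in (("default", DEFAULT_LAN), ("edited", EDITED_LAN)):
        print(label, check_flows(rules))
```

With the default rule the model passes LAN to DMZ traffic; with the destination changed to ! DMZ only that flow flips to blocked, while LAN to Internet still passes.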