Two firewall rules should do it:

1) Change the default LAN interface rule to pass traffic from LAN net to any *not* DMZ (! DMZ). This would look like:

   PASS "LAN net":any -> ! "DMZ net":any (protocol = any)

2) Create/edit the default DMZ interface rule to pass traffic from DMZ net to any *not* LAN (! LAN). This would look like:

   PASS "DMZ net":any -> ! "LAN net":any (protocol = any)

I just tested this. When I changed my default LAN rule to be *not* LAN2 (my DMZ), I was not able to access the web interface of my wireless AP on that network. I already have a LAN2 rule to not allow access to LAN - except for access to an NTP server.

Keep in mind that the rules are parsed from top to bottom. If you want to allow access from the DMZ to a LAN resource, you will need to specify this before the *not* LAN rule. The same goes for LAN to DMZ access.

_________________________________
James W. McKeand

-----Original Message-----
From: Andreas Busch [mailto:monomailing at linuxfriends dot org]
Sent: Friday, September 10, 2004 10:36 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Firewall and Routing Problem between Lan and DMZ

I have a Wrap Box with 3 NICs:
1. LAN 1 192.168.200.254
2. DMZ 192.168.1.254
3. WAN dynamic IP

Now I want to block all traffic between those two networks, LAN and DMZ. LAN and DMZ only have to see the WAN, nothing else. I have tested many different config settings but it didn't work.

What is the right way to block the traffic?

Thanks for your assistance,
Andreas Busch

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
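The following is an added simulation of the two-rule isolation scheme from the reply above, not code from the thread or from m0n0wall. It models each interface's rule list with m0n0wall's first-match, top-to-bottom semantics and an implicit default deny on traffic entering that interface, using the LAN (192.168.200.0/24) and DMZ (192.168.1.0/24) networks from the original question; the host addresses, the 203.0.113.5 "internet" destination, and the NTP exception on UDP/123 are constructed for the example. It also contrasts two DMZ rule lists that use an explicit block rule instead of a negated pass, to show why the position of an exception matters when rules are evaluated in order.

```python
"""Simulate first-match firewall rule evaluation for LAN/DMZ isolation.
Constructed example; not m0n0wall's own rule engine."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN_NET = ipaddress.ip_network("192.168.200.0/24")   # LAN, from the thread
DMZ_NET = ipaddress.ip_network("192.168.1.0/24")     # DMZ, from the thread


@dataclass
class Rule:
    action: str                        # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"                 # "any", "tcp", "udp", "icmp"
    dport: Optional[int] = None        # None means any destination port
    not_dst: bool = False              # True models the "! destination" checkbox


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if the packet satisfies every field of the rule."""
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    in_dst = ipaddress.ip_address(pkt.dst) in rule.dst
    if in_dst == rule.not_dst:         # negation inverts the destination test
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; an unmatched packet hits the default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


# Rules on the LAN interface: pass LAN net -> ! DMZ net, any protocol
LAN_RULES = [Rule("pass", LAN_NET, DMZ_NET, not_dst=True)]

# Rules on the DMZ interface: NTP exception above the "! LAN net" rule
DMZ_RULES = [
    Rule("pass", DMZ_NET, LAN_NET, proto="udp", dport=123),
    Rule("pass", DMZ_NET, LAN_NET, not_dst=True),
]

# Same intent with an explicit block; only the order of the first two differs
DMZ_RULES_BLOCK_FIRST = [
    Rule("block", DMZ_NET, LAN_NET),
    Rule("pass", DMZ_NET, LAN_NET, proto="udp", dport=123),
    Rule("pass", DMZ_NET, ANY),
]
DMZ_RULES_EXCEPTION_FIRST = [
    Rule("pass", DMZ_NET, LAN_NET, proto="udp", dport=123),
    Rule("block", DMZ_NET, LAN_NET),
    Rule("pass", DMZ_NET, ANY),
]


def lan_decisions():
    """Decisions for constructed packets entering on the LAN interface."""
    return {
        "lan_to_internet": evaluate(LAN_RULES, Packet("192.168.200.10", "203.0.113.5", "tcp", 443)),
        "lan_to_dmz_ap": evaluate(LAN_RULES, Packet("192.168.200.10", "192.168.1.20", "tcp", 80)),
    }


def dmz_decisions(rules=DMZ_RULES):
    """Decisions for constructed packets entering on the DMZ interface."""
    return {
        "dmz_to_internet": evaluate(rules, Packet("192.168.1.20", "203.0.113.5", "tcp", 443)),
        "dmz_to_lan_ntp": evaluate(rules, Packet("192.168.1.20", "192.168.200.254", "udp", 123)),
        "dmz_to_lan_ssh": evaluate(rules, Packet("192.168.1.20", "192.168.200.10", "tcp", 22)),
    }


if __name__ == "__main__":
    print("LAN:", lan_decisions())
    print("DMZ (negated pass):", dmz_decisions())
    print("DMZ (block above exception):", dmz_decisions(DMZ_RULES_BLOCK_FIRST))
    print("DMZ (exception above block):", dmz_decisions(DMZ_RULES_EXCEPTION_FIRST))
```

With the negated-pass rules, LAN to DMZ and DMZ to LAN both fall through to the default deny (which is what the reply observed when the AP's web interface became unreachable), while the NTP exception and all WAN-bound traffic pass. In the explicit-block variant, placing the block above the NTP exception silently swallows the NTP traffic, which is the top-to-bottom ordering point the reply makes.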