 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Cc:  "'Andreas Busch'" <monomailing at linuxfriends dot org>
 Subject:  RE: [m0n0wall] Firewall and Routing Problem between Lan and DMZ
 Date:  Fri, 10 Sep 2004 11:05:56 -0400

Two firewall rules should do it:

1) Change the default LAN interface rule to pass traffic from LAN net to any
*not* DMZ (! DMZ). This would look like: PASS "LAN net":any -> ! "DMZ
net":any (protocol = any)

2) Create/edit the default DMZ interface rule to pass traffic from DMZ net to
any *not* LAN (! LAN). This would look like: PASS "DMZ net":any -> ! "LAN
net":any (protocol = any)

I just tested this. When I changed my default LAN rule to be *not* LAN2 (my
DMZ) I was not able to access the web interface of my wireless AP on that
network. I already have a LAN2 rule to not allow access to LAN - except for
access to an NTP server.

Keep in mind that the rules are parsed from top to bottom. If you want to allow
access from the DMZ to a LAN resource you will need to specify this before
the *not* LAN rule. The same goes with LAN to DMZ access.

_________________________________
James W. McKeand


-----Original Message-----
From: Andreas Busch [mailto:monomailing at linuxfriends dot org] 
Sent: Friday, September 10, 2004 10:36 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Firewall and Routing Problem between Lan and DMZ

I have a Wrap Box with 3 NICs

1. Lan 1 192.168.200.254
2. DMZ  192.168.1.254
3. WAN  dynamic IP

Now I want to block all traffic between both networks, LAN and DMZ.
LAN and DMZ only have to see the WAN, nothing else.
I have tested many different config settings but it didn't work.

What is the right way to block the traffic?

thanks for your assistance

Andreas Busch


