 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Unable to ping DMZ hosts from LAN
 Date:  Wed, 8 Sep 2004 18:40:11 -0400
On Wed, 8 Sep 2004 08:59:17 -0500, Rodman Frowert <frowertr at i dash 1 dot net> wrote:
> Actually, it makes perfect sense.  I just can't get it to work.  Here is
> what I have setup:
> 
> Static route:
>       Interface Network Gateway Description
>       LAN  10.10.10.0/24  192.168.1.1
> 
> Remember, my Lan is on 192.168.1.0/24 with the m0n0 LAN interface on
> 192.168.1.1
> &
> My DMZ is on 10.10.10.0/24 with the DMZ interface on 10.10.10.1
> 
> I put a rule at the top of my DMZ that says:
> 
>       Proto Source Port Destination Port      Description
>       * LAN Net   * DMZ *      *
> 
> This should allow any traffic into the DMZ from the LAN, correct?
> 


I just set up a DMZ interface, and the only thing I had to change from
the defaults to allow LAN hosts to ping DMZ hosts is to change the
protocol on the default rule for the interface from TCP to any.

Take out your static routes, as they're unnecessary.  One of them is
not set up right, and you've created a routing loop.  (hence the TTL
expired)

Might be easier to reset factory and start from scratch, depending on
what else you have configured - the only thing you need to change is
the protocol on the rule I mentioned above.

-Chris
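
An added example, not part of the original thread and not m0n0wall code: a small Python check that flags static routes like the one quoted above, where the destination is already a directly connected network or the gateway is one of the firewall's own interface addresses. The function and variable names are hypothetical; the addresses are the ones quoted in the message.

```python
import ipaddress

# Interface addresses quoted in the thread (m0n0wall LAN and DMZ).
INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),
    "DMZ": ipaddress.ip_interface("10.10.10.1/24"),
}

# The static route quoted in the thread: (interface, network, gateway).
STATIC_ROUTES = [("LAN", "10.10.10.0/24", "192.168.1.1")]


def lint_static_routes(interfaces, routes):
    """Return (route, problem) findings for suspicious static routes."""
    findings = []
    for route in routes:
        ifname, network, gateway = route
        net = ipaddress.ip_network(network)
        gw = ipaddress.ip_address(gateway)
        # A network attached to an interface is already routed directly,
        # so a static route for it is redundant at best.
        for name, iface in interfaces.items():
            if net.overlaps(iface.network):
                findings.append((route, f"destination is directly connected on {name}"))
        # A gateway has to be another router, not the firewall itself.
        for name, iface in interfaces.items():
            if gw == iface.ip:
                findings.append((route, f"gateway is the firewall's own {name} address"))
        # The gateway has to sit on the subnet of the interface the route uses.
        bound = interfaces.get(ifname)
        if bound is None:
            findings.append((route, f"unknown interface {ifname}"))
        elif gw not in bound.network:
            findings.append((route, f"gateway is not on the {ifname} subnet"))
    return findings


if __name__ == "__main__":
    for route, problem in lint_static_routes(INTERFACES, STATIC_ROUTES):
        print(route, "->", problem)
```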