>Two firewall rules should do it:
>
>1) Change default LAN interface rule to pass traffic from LAN net to any
>*not* DMZ (! DMZ) this would look like: PASS "LAN net":any -> ! "DMZ
>net":any (protocol = any)
>
>2) Create/edit default DMZ interface rule to pass traffic from DMZ net to
>any *not* LAN (! LAN) this would look like: PASS "DMZ net":any -> ! "LAN
>net":any (protocol = any)
>
>I just tested this. When I changed my default LAN rule to be *not* LAN2 (my
>DMZ) I was not able to access the web interface of my wireless AP on that
>network. I already have a LAN2 rule to not allow access to LAN - except for
>access to an NTP server.
>
>Keep in mind that the rules are parsed from top to bottom. If you want to allow
>access from the DMZ to a LAN resource you will need to specify this before
>the *not* LAN rule. The same goes with LAN to DMZ access.
>
Thank you for your support.
All works fine.
Regards
Andreas Busch
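The rule set described in the quoted post, modelled as an added example (not code from the thread or from pfSense): a first-match, default-deny evaluator over the LAN and DMZ interface rules with the NTP exception placed above the "! LAN net" rule. The addresses, the NTP server and the 192.168.x.0/24 networks are constructed for the example.

```python
"""Constructed simulation of pfSense-style rule evaluation: rules are checked
top to bottom, the first match decides, and unmatched traffic is blocked."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed networks standing in for the poster's LAN and DMZ (LAN2).
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ net": ipaddress.ip_network("192.168.2.0/24"),
}

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # alias in NETS, or "any"
    dst: str                    # alias in NETS, a host address, or "any"
    dst_negate: bool = False    # the "!" on the destination
    dport: Optional[int] = None  # None means any destination port

def _match_dst(rule, dst_ip):
    if rule.dst == "any":
        hit = True
    elif rule.dst in NETS:
        hit = dst_ip in NETS[rule.dst]
    else:
        hit = dst_ip == ipaddress.ip_address(rule.dst)
    return hit != rule.dst_negate   # "!" inverts the destination match

def evaluate(rules, src_ip, dst_ip, dport):
    """Return the action of the first matching rule; default deny otherwise."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.src != "any" and src_ip not in NETS[r.src]:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if _match_dst(r, dst_ip):
            return r.action
    return "block"

NTP_SERVER = "192.168.1.10"   # constructed LAN host
# 1) LAN interface: PASS "LAN net":any -> ! "DMZ net":any
LAN_RULES = [Rule("pass", "LAN net", "DMZ net", dst_negate=True)]
# 2) DMZ interface: NTP exception first, then PASS "DMZ net":any -> ! "LAN net":any
DMZ_RULES = [Rule("pass", "DMZ net", NTP_SERVER, dport=123),
             Rule("pass", "DMZ net", "LAN net", dst_negate=True)]
```

Note that the "! DMZ net" pass rule itself blocks nothing; LAN-to-DMZ traffic is dropped because no rule matches it and the implicit default is deny.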