 From:  "Adrian Wiesmann" <awiesmann at swordlord dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Routing / NAT
 Date:  Tue, 21 Oct 2003 12:58:25 +0200 (CEST)

Hi all

I am not quite sure if I get something wrong or do something wrong. Please
let me explain the test scenario:

I have a Soekris box with m0n0 on it in the following topology:

Upstream/ISP - m0n0 - LAN
                 |
                DMZ

The IP ranges are as follows:

Upstream - Public IP - m0n0 - NAT / 192.168.100.0/24 - LAN
                         |
                     194.230.x.0/24
                         |
                        DMZ

Which means there are WAN to the ISP, LAN as a private network with NAT
from the inside out and the OPT2 interface as DMZ with public addresses.

Now I want the requests to the DMZ to be routed from the WAN to the DMZ by
m0n0. The LAN interface should be NATed only from the inside out.

I also added a rule to the firewall allowing HTTPS through from WAN to
DMZ:

<rule>
  <protocol>tcp/udp</protocol>
  <external-port>443</external-port>
  <target>194.x.x.15</target>
  <local-port>443</local-port>
  <descr>WAN -> DMZ (HTTPS)</descr>
</rule>

I also added one rule allowing all traffic from the DMZ to the WAN.

My problem now is that this does not work. Going from DMZ->WAN always
does NAT. Going from WAN->DMZ simply does not work.

What am I missing? Or is something wrong with the m0n0 fw?

Thanks for your help in advance,
Adrian