Topic: WAN Address  (Read 2050 times)
« on: October 25, 2007, 22:19:35 »
ChrisHalden *
Posts: 1

Hi,

I built a firewall based on monowall with 4 interfaces (WAN, LAN, DMZ and OPT).

I found something strange trying to set up some rules in the firewall. The aim of the rule was to allow HTTP protocol from DMZ to WAN. First of all (in order to check how things were working), I made a PASS rule (in the DMZ section) from ANY to ANY with HTTP as the destination protocol. As expected, everything was working very well. But this rule allows DMZ to contact LAN on HTTP protocol as well, so I needed to be more precise in the definition of the rule. Then I changed the rule to PASS from ANY to WAN Address with HTTP as the destination protocol, and then I could not use HTTP even to the outside world. Did I do something wrong? What is the real meaning of "WAN Address"?

Am I supposed to make a PASS rule from ANY to ANY and then make REJECT rules from ANY to LAN and from ANY to OPT?

All the input that could help me to clarify this topic would be extremely welcome.

Regards,
Chris
« Reply #1 on: November 02, 2007, 03:37:48 »
cmb *****
Posts: 851

You're putting the rules on the wrong interface. Rules are applied inbound on the interface the traffic is initially received, so to allow traffic from the Internet you need rules on your WAN.
« Reply #2 on: November 02, 2007, 16:40:37 »
bitonw **
Posts: 79

@cmb

The aim of the rule was to allow HTTP protocol from DMZ to WAN.

« Reply #3 on: November 03, 2007, 04:32:17 »
cmb *****
Posts: 851

Oh - in that case, it's on the right interface, you just need the rule to be more restrictive if you don't want to allow HTTP to the LAN. Change the allow rule to use destination "not" your LAN subnet.
« Reply #4 on: November 03, 2007, 14:20:26 »
fbristow *
Posts: 4

I had precisely this same issue, with the same sort of set-up (four-port Ethernet card: DMZ, LAN, WAN, OPT[MGMT]). This solution solved the problem that I was having (thanks, by the way!), but it still leaves the concept of a 'WAN Address' somewhat confusing; could you clarify this point a little bit?
To clarify my question a little more, what is considered a WAN Address in this context? The original poster asked this question, but it wasn't answered in the later posts.

(I hope it's OK that I post this question here, it seems relevant to the original question...)

Thanks!
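An added example, not part of the thread or of m0n0wall itself, that models the rule semantics cmb describes in Reply #3 and the "WAN Address" question raised by the original poster and fbristow. Two facts it relies on: m0n0wall applies rules inbound on the interface where the packet arrives, first match wins, and anything unmatched hits the implicit default deny; and "WAN address" in the rule editor means the IP address assigned to the firewall's own WAN interface, not "every destination reachable via WAN". All addresses, subnets and flow names below are constructed for the illustration. The evaluator compares the poster's two attempts, cmb's "not LAN subnet" rule, and the block-then-pass layout the poster asked about, which also shows the caveat that "not LAN" alone still leaves OPT reachable from the DMZ.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the four-interface layout in the thread (hypothetical).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")
OPT_NET = ipaddress.ip_network("192.168.3.0/24")
WAN_ADDRESS = ipaddress.ip_address("203.0.113.10")  # the firewall's own WAN IP


@dataclass
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    dst: object            # "any", "wan_address", an ip_network, or ("not", ip_network)
    dport: Optional[int]   # None means any destination port


def dst_matches(rule_dst, dst_ip):
    """Destination matching as the rule editor's choices behave."""
    if rule_dst == "any":
        return True
    if rule_dst == "wan_address":
        # "WAN address" is only the firewall's WAN IP, not the Internet at large.
        return dst_ip == WAN_ADDRESS
    if isinstance(rule_dst, tuple) and rule_dst[0] == "not":
        return dst_ip not in rule_dst[1]
    return dst_ip in rule_dst


def evaluate(rules, proto, dst_ip, dport):
    """First-match evaluation of a rule list applied inbound on the DMZ interface.
    Falls through to the implicit default deny when nothing matches."""
    dst_ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if dst_matches(r.dst, dst_ip):
            return r.action
    return "block"


# Constructed sample flows, all originating on the DMZ interface.
TRAFFIC = {
    "dmz->internet":        ("tcp", "198.51.100.80", 80),
    "dmz->lan_web":         ("tcp", "192.168.1.50", 80),
    "dmz->opt_web":         ("tcp", "192.168.3.50", 80),
    "dmz->firewall_wan_ip": ("tcp", "203.0.113.10", 80),
}

RULESETS = {
    # Poster's first attempt: works, but also opens LAN and OPT.
    "any_to_any": [Rule("pass", "tcp", "any", 80)],
    # Poster's second attempt: only the firewall's own WAN IP is reachable.
    "any_to_wan_address": [Rule("pass", "tcp", "wan_address", 80)],
    # cmb's fix: destination "not LAN subnet"; note OPT stays reachable.
    "any_to_not_lan": [Rule("pass", "tcp", ("not", LAN_NET), 80)],
    # Block the internal subnets first, then pass the rest (first match wins).
    "block_then_pass": [
        Rule("block", "any", LAN_NET, None),
        Rule("block", "any", OPT_NET, None),
        Rule("pass", "tcp", "any", 80),
    ],
}


def matrix():
    """Return {ruleset: {flow: verdict}} for every ruleset and sample flow."""
    return {
        name: {flow: evaluate(rules, *pkt) for flow, pkt in TRAFFIC.items()}
        for name, rules in RULESETS.items()
    }


if __name__ == "__main__":
    for name, verdicts in matrix().items():
        print(name)
        for flow, verdict in verdicts.items():
            print(f"  {flow:24s} {verdict}")
```

Running it shows why the second attempt broke web access: "any_to_wan_address" passes only the flow aimed at the firewall's WAN IP and blocks everything else, while "any_to_not_lan" restores Internet access and closes the LAN but still lets the DMZ reach OPT, which is why a rule set like "block_then_pass" (or a second "not OPT" condition) is the tighter choice when the OPT segment must also be protected.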