Firewall/NAT

i have a m0n0wall 1.231 installed and it has been configured to publish terminal service,FTP server and WWW server. all services installed on one same physical server. the problem is that
  1. we can access FTP server and terminal service from internet.
  2. the published www server only can be access from the subnet same as the ip address of m0n0wall's external interface but any other.

anybody can help me? thank you very much.

anybody can help me?

we can access internet from the published server to anywhere.

Can you be more specific about traffic you wish to allow and traffic you wish to block? What services do you want to grant access to and from what interface(s)?

1. allow internal PC access to internet for any service.
2. publish HTTP/FTP/Remote Desktop service with standard port and allow accessed from WAN.

and the web interface of m0n0wall is on port?

I already changed the GUI http port to 8080. if i changed the web server port to another like 8001 and publish it to internet, it can be accessed.

I actually fixed the problem in my topic, the idiot who setup the security server messed up a digit when setting up the gateway portion of the static IP addressing. The packets were routing in, but the server wasn't routing them back out.

Can you show me your rules maybe I can help you better.

rules

* RFC 1918 networks * * * Block private networks
TCP  *  *  172.27.42.213  8001  NAT Web Server Access   
TCP  *  *  172.27.42.213  80 (HTTP)  NAT Web Server Published   

Nat

TCP  *  *  172.27.42.213  8001  NAT Web Server Access   
TCP  *  *  172.27.42.213  80 (HTTP)  NAT Web Server Published   


i can accessed it with http://xxx.com:8001 but http://xxx.com