General Questions

 

I have a brand new install.  This is a test install to learn the basics.  I can create port forwarding that I can forward to my DMZ from outside of the WAN IF.  But when I try to ping out the WAN from the LAN no luck.   I cant ping any of the 4 interfaces that I have on the box from the LAN. 

Should I be able to ping any of the interface IP's that I have in the box from the LAN with the default install config ?
Do I need to create rules for this to happen?

You definetely should be able to ping the LAN IP of the m0n0 box from your LAN subnet.  You can start see'ing whats going on by checking the firewall log entries and seeing where its getting blocked at.  By default, I believe, you can do this with no editing of the firewall rulesets.

The default ruleset for the LAN subnet is:  any protocol from LAN subnet, on any port, to any destination to any port.  So basically, anything goes for the LAN subnet.  Check your configs and see whats going on with it.

You can not ping natted services from the LAN.  This is a design limitation.  You need to ping the DMZ systems using the real IP addresses of those systems.

You can not ping natted services from the LAN.  This is a design limitation.  You need to ping the DMZ systems using the real IP addresses of those systems.

Actually it is done correctly, not a limitation.  And pinging things on your DMZ assumes you are allowing ICMP between your LAN and DMZ (OPT1) inteface.  So yes, a rule might need to be setup.