General Questions

Hello monowall-user
I'm trying to set up monowall with a typical firewall configuration. But there are still a few problems I still couldn't solve. But first my config:
My public WAN-IP subnet: 212.160.61.76/30
78 ist my WAN-IP, 77 my GatwayIP at my ISP router
My public DMZ-IP subnet: 212.160.43.208/29
209 ist my DMZ-IP
My private LAN-IP subnet: 192.168.1.0/24
192.168.1.1 is my LAN-IP

Then I set up a few basic firewall rules for testing:
-All DMZ-Hosts should be able to send to any IP and any port.
-Specific ISP IPs should be able to send to DMZ IPs.
-I set up portforwarding to IP 192.168.1.1 for remote managing.

My problems:
-If I send a ping from outside to a DMZ IP (212.160.43.212) I get an answer from my WAN IP 212.160.61.78
-All connections to specific ports on a DMZ IPs result in a timeout. (Firewall rules are there)

Has anybody a hint for me?
I think bridging DMZ to WAN is no solution cause of the different subnets. http://doc.m0n0.ch/handbook/examples-filtered-bridge.html
Regards and many thanks for your help
Florian

I think that you will need to look at Advanced NAT for your scenario.  As I see it you want NAT on your LAN segment as it is a private range and no NAT on your DMZ to enable it to function as a seperate segment.  You should be able to achieve this with a single outgoing NAT rule for your LAN segment and enabling Advanced NAT which removes the automatic rules of NAT on all local subnets.  You then need to think carefully about your rules.  Hope this helps.

thanks markb
that helped me lot.
I've activated "Enable advanced outbound NAT" and created an outbound NAT rule for local LAN subnet.
...and it works.

Florian