I have several static IPs from my provider, mapped to servers on DMZ. I can access WAN from DMZ and LAN, but servers on DMZ are inaccessible from WAN!
I tried to copy MAC address from my other FW, didn't help. All settings looks right for me... Any body have an idea what's the problem? Thanks...
My configuration:
WAN 212.xxx.xxx.xxx/28, subnet 255.255.255.240 ("Block private networks" active)
DMZ 10.xxx.xxx.xxx/24, subnet 255.255.255.0
LAN 192.168.xxx.xxx/24, subnet 255.255.255.0
Example: I need to access my mailserver
WAN server IP: 212.xxx.xxx.202, server IP on DMZ 10.xx.xx.2
I have created aliases for every server, example:
Name: Mailserver Address: 10.xx.xx.2
I created server NAT, example:
External IP address: 212.xxx.xxx.202
I have no 1:1 NAT, no Outbound NAT settings (no advanced outb. NAT)
I have only Inbound NAT mappings, example:
WAN TCP 80 (http) NAT IP: Mailserver (ext.: 212.xxx.xxx.202) 80 (http)
The fw rules are created automativcally, example:
WAN: TCP * * Mailserver 80 (HTTP)
My DMZ rules are:
(red X) * * * LAN net * Reject DMZ traffic to LAN
(green arrow) * DMZ net * ! LAN net * permit DMZ to any *BUT* LAN
My LAN rules are:
(green arrow) * LAN net * * * Default LAN -> any
No other settings.
PS. I would be very get it solved a.s.a.p, and I pay for this help of course...
I just need to get the new FW up and running. Thanks!
m0n0wall Forum > m0n0wall Support (English) > Firewall/NAT
Topic: servers on DMZ inaccessible from WAN
