General Questions

Hi, I have some noob questions...

I want to set up Monowall with three NIC's, Nic 1 = WAN, Nic 2=DMZ(server), Nic 3=LAN(desktop(s)) but I have some questions about how it works.

I am not going to be able to use any internal ip numbers to connect from LAN on Nic 3 to a server on DMZ Nic2, right?

Can I connect to a server on DMZ from a client on LAN by entering the external ip?

As I understand Monowall does not support connections from inside the LAN to a server inside the LAN with use of an external ip, there by the previous question if it is possible with a separate NIC as a DMZ.

By doing this I am also making the LAN safer because if the server gets hacked they can't get access to my LAN, at least not easy, right?

Here is a picture that shows what i mean, where the firewall is monowall.
http://sv.wikipedia.org/wiki/Fil:Demilitarized_Zone_Diagram.png

You might want to peruse the m0n0wall handbook http://doc.m0n0.ch/handbook-single/

Section 13.1 covers DMZ.

Thanx that was some good reading but my English is not the best so I still have to ask, is it possible to from a client computer on the LAN connect to the server computer on the DMZ by it's external IP address?

I am going to use inbound NAT on the LAN and 1:1 on DMZ, I have two external IP's one for the server on DMZ and one for the LAN clients where the Monowall box acts as the DHCP server.

No, it's not currently possible to connect from LAN back to a WAN IP, either by number or a name that resolves to a WAN IP. You must use the DMZ IP or a name that resolves to it.

Okej, thank you for your quick answers.

Hope that possibility will be implemented zone =)

The best work around is to put an entry for the external host name of the server you want to connect to into your DNS server (DNS Forwarder if using Monowall for DNS) and have it resolve to your internal Ip address.  This way you get name resolution.