Firewall/NAT

Hi there,

my small m0n0wall blocks traffic in my ISP's net.

WAN sis2: 188.20.97.18/16
DMZ sis0: 192.168.2.0/24

IP 188.20.123.242 wants to access one of my HTTP servers (192.168.2.10), but all traffic FROM my webserver to the customer gets blocked:

Code:

Oct  5 20:05:22 nano ipmon[125]: 20:05:22.093998 sis2 @200:30 p 188.20.123.242,62956 -> 192.168.2.10,80 PR tcp len 20 48 -S K-S IN NAT
Oct  5 20:05:24 nano ipmon[125]: 20:05:24.602837 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62955 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:25 nano ipmon[125]: 20:05:25.147281 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62956 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:27 nano ipmon[125]: 20:05:27.116236 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62955 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:28 nano ipmon[125]: 20:05:28.484871 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62956 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:30 nano ipmon[125]: 20:05:30.072880 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62955 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:31 nano ipmon[125]: 20:05:31.271924 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62956 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:33 nano ipmon[125]: 20:05:33.777917 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62956 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:40 nano ipmon[125]: 20:05:40.659052 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62955 PR tcp len 20 48 -AS IN OOW
Oct  5 20:05:44 nano ipmon[125]: 20:05:44.364287 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62956 PR tcp len 20 48 -AS IN OOW
Oct  5 20:06:01 nano ipmon[125]: 20:06:01.834185 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62955 PR tcp len 20 48 -AS IN OOW
Oct  5 20:06:05 nano ipmon[125]: 20:06:05.716357 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62956 PR tcp len 20 48 -AS IN OOW
Oct  5 20:06:44 nano ipmon[125]: 20:06:44.356855 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62955 PR tcp len 20 48 -AS IN OOW
Oct  5 20:06:48 nano ipmon[125]: 20:06:48.238647 sis0 @0:29 b 192.168.2.10,80 -> 188.20.123.242,62956 PR tcp len 20 48 -AS IN OOW

any ideas?

thanks,
stephan

Make sure your NAT rules match the firewall rules. do a full reboot after you apply them too.

Also you might want to disable the "block all private networks" rule from the WAN settings page. Ive had issues with it.