Topic: Interfaces: Assign network ports  (Read 2068 times)
« on: April 30, 2012, 23:45:18 »
Tixe *
Posts: 9

DearĀ“s, I have a little problem with a m0n0wall, it has 4 interfaces (the classic WAN and LAN and add two more, both are both NIC's physical)
The issue is that from the other two OPT can not navigate or browse the internet, but from the LAN could browse the internet, from the OPT's to the LAN i have no problem, from the LAN to the OPT's no problem ... i make ping from the LAN to devices on the OPT's and its work fine, and from the OPT's to the LAN same thing.
Also i make IPSEC Tunnels to each network ( LAN and the 2 OPT's inclusive the PPTP VPN Range  ) and from the remote tunnel i can make ping and has reponse from each of the devices on each of the adapter ( LAN, OPT's and PPTP Clientes connected on these time )
Some one has any idea that I need set, o forgeret some thing to set ? .. I leave a few screen shots of the interfaces and the rules in the same ...

http://forum.m0n0.ch/index.php?action=dlattach;topic=5636.0;attach=811;image

http://forum.m0n0.ch/index.php?action=dlattach;topic=5636.0;attach=813;image

http://forum.m0n0.ch/index.php?action=dlattach;topic=5636.0;attach=815;image

http://forum.m0n0.ch/index.php?action=dlattach;topic=5636.0;attach=817;image

http://forum.m0n0.ch/index.php?action=dlattach;topic=5636.0;attach=819;image

http://forum.m0n0.ch/index.php?action=dlattach;topic=5636.0;attach=821;image

http://forum.m0n0.ch/index.php?action=dlattach;topic=5636.0;attach=823;image

This post is also in the Spanish area:

http://forum.m0n0.ch/index.php/topic,5636.0.html
« Reply #1 on: May 01, 2012, 18:24:22 »
Lennart Grahl ***
Posts: 153

Firewall rules for the interface you've selected (via the tab) are applied to every incoming (!) packet on that interface, from the firewall's perspective. If a packet has been allowed by a rule, it does not also have to pass the rules of its destination interface.

From the m0n0wall doc: "First remember rules are processed top down, and the first match is the only rule that applies."

1. If you allow traffic from "LAN -> any", another rule for "LAN -> LAN" traffic is not necessary.
2. Rules below "LAN -> LAN" are not applied the way you think they are, because packets to LAN from another interface are handled by the rules of those interfaces.

The following should be sufficient for what you want to achieve:

LAN
Proto | Source       | Port | Destination | Port | Description
*     | LAN net      | *    | *           | *    | LAN -> *

WAN
Proto | Source       | Port | Destination | Port | Description
ICMP  | *            | *    | WAN address | *    | NAT ICMP -> WAN

DMZ
Proto | Source       | Port | Destination | Port | Description
*     | DMZ net      | *    | *           | *    | DMZ -> *

ADM
Proto | Source       | Port | Destination | Port | Description
*     | ADM net      | *    | *           | *    | ADM -> *

PPTP VPN
Proto | Source       | Port | Destination | Port | Description
*     | PPTP clients | *    | *           | *    | PPTP -> *

IPsec VPN
Proto | Source       | Port | Destination | Port | Description
*     | *            | *    | *           | *    | Any -> *

I don't see a reason why you might have trouble reaching WAN from ADM/DMZ. As you are logging your rules anyway, could you post your firewall log? I'm not sure whether blocked packets are logged by default. You may have to add a rule below (e.g. below "ADM -> any") that blocks everything and logs it.
« Last Edit: May 01, 2012, 18:28:43 by Lennart Grahl »
« Reply #2 on: May 10, 2012, 01:40:05 »
Tixe *
Posts: 9

I solved it... I forgot to configure the new networks in NAT Outbound so they can browse :) ...

Regards
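The two points of this thread, Lennart's explanation that rules are evaluated only on the packet's incoming interface (top down, first match wins) and Tixe's resolution that the OPT subnets were missing from outbound NAT, can be seen together in a small model. The script below is an added example, not code from m0n0wall or from either poster: the subnets (192.168.1.0/24 for LAN, 192.168.2.0/24 for DMZ, 192.168.3.0/24 for ADM), the WAN address 203.0.113.10 and the sample packets are constructed, and outbound NAT is assumed to be a list of source networks translated to the WAN address, which is how the fix in the last post reads.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets: LAN plus the two OPT interfaces named DMZ and ADM as in the reply.
NETS = {
    "LAN": ip_network("192.168.1.0/24"),
    "DMZ": ip_network("192.168.2.0/24"),
    "ADM": ip_network("192.168.3.0/24"),
}
WAN_ADDRESS = ip_address("203.0.113.10")  # constructed public address (TEST-NET-3)


def iface_of(addr):
    """Interface a packet with this source arrives on, from the firewall's view."""
    a = ip_address(addr)
    for name, net in NETS.items():
        if a in net:
            return name
    return "WAN"


def _addr_ok(spec, addr):
    """Rule address fields: '*' (any), '<IF> net', 'WAN address' or a CIDR."""
    if spec == "*":
        return True
    if spec == "WAN address":
        return ip_address(addr) == WAN_ADDRESS
    if spec.endswith(" net"):
        return ip_address(addr) in NETS[spec[:-4]]
    return ip_address(addr) in ip_network(spec)


def filter_packet(rules, pkt):
    """Only the rules of the packet's *incoming* interface apply, top down; first match wins."""
    for rule in rules.get(iface_of(pkt["src"]), []):
        if (rule["proto"] in ("*", pkt["proto"])
                and _addr_ok(rule["src"], pkt["src"])
                and _addr_ok(rule["dst"], pkt["dst"])):
            return rule["action"]
    return "block"  # no match: implicit default deny


def outbound_nat(nat_sources, pkt):
    """Source address the packet leaves WAN with, or None if no outbound NAT entry covers it."""
    src = ip_address(pkt["src"])
    if any(src in ip_network(n) for n in nat_sources):
        return WAN_ADDRESS
    return None


def can_browse(rules, nat_sources, pkt):
    """Internet access needs both a pass rule on the ingress interface and a NAT translation."""
    if filter_packet(rules, pkt) != "pass":
        return False
    # Without translation the packet leaves with its private source address;
    # the reply has no route back, so the client sees a silent timeout even
    # though the firewall log shows nothing blocked.
    return outbound_nat(nat_sources, pkt) is not None


def allow_all(iface):
    """The '<IF> -> *' rule from the reply, as a dict."""
    return {"proto": "*", "src": f"{iface} net", "dst": "*", "action": "pass"}


RULES = {name: [allow_all(name)] for name in NETS}   # "LAN -> *", "DMZ -> *", "ADM -> *"
NAT_BEFORE = ["192.168.1.0/24"]                     # only the LAN subnet is translated
NAT_AFTER = [str(net) for net in NETS.values()]     # the fix: every internal subnet

# Constructed sample packets.
ADM_TO_INTERNET = {"proto": "tcp", "src": "192.168.3.5", "dst": "198.51.100.7"}
DMZ_TO_LAN = {"proto": "icmp", "src": "192.168.2.9", "dst": "192.168.1.20"}

if __name__ == "__main__":
    print("ADM -> internet, filter verdict:", filter_packet(RULES, ADM_TO_INTERNET))
    print("ADM -> internet, before fix:", can_browse(RULES, NAT_BEFORE, ADM_TO_INTERNET))
    print("ADM -> internet, after fix: ", can_browse(RULES, NAT_AFTER, ADM_TO_INTERNET))
    # Rules live on the ingress interface: a "LAN -> *" rule never sees a DMZ packet.
    print("DMZ -> LAN with LAN rules only:",
          filter_packet({"LAN": [allow_all("LAN")]}, DMZ_TO_LAN))
```

Run it as-is and the ADM packet passes the filter in both cases, which is why the firewall log had nothing to show; only the NAT list decides whether a reply can come back. The last line shows the other point of the reply: with rules only on the LAN tab, a packet arriving on DMZ is blocked, no matter what the LAN rules say about traffic to LAN.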