Firewall/NAT

I am setting up m0n0wall as a replacement for out 3com superstack firewall and I am having lots of trouble under standing the nat and  firewall rules. I know anything comming from the WAN would need a nat rule + a firewall rule. What if I want to allow https from the dmz to lan? Do I need a nat rule for that? Here are some details..

lan - 192.168.10.1
dmz - 192.168.101.1
wan - 207.xxx.xxx.xxx

I need to allow https from 192.168.101.11 to a range of ips 192.168.10.30 to 192.168.10.35.

How would I do this? Please help, the more I think about it the more confused I get. Thanks

You don't need a NAT rule. You need to create a firewall rule thus:

Action: Pass
Interface: LAN
Protocol: TCP
Source: Network/ Single host or alias (you will need to create a rule for each of 10.30 through 10.35, or a couple rules with subnets to cover these same addresses)
Destination: 101.11
Destination port range: https

That should do it.

db

in a point of security. why do you want to allow traffic from a DMZ to LAN... 

in a point of security. why do you want to allow traffic from a DMZ to LAN... 

Although kpeterson did say that, I made the perhaps erroneous assumption that he or she meant that the https server is on the DMZ (101.11) while the clients that need access are on the LAN (10.30 - 1-.35). This is the scenario I drew up a rule for in my previous post, however I could be wrong in my assumption.

db

I got it all figured out, Thanks for the help. I just havent encounter a firewall that had nat rules and firewall rules I was a little confused. Now I am having trouble when I connect m0n0wall to my lan, dmz and wan work but I get no link on the lan. No idea whats going on.

You should start a new thread for this.

db