Topic: Monowall config issues with setting up DMZ  (Read 2487 times)
« on: June 19, 2007, 05:27:43 »
aliengirl *
Posts: 2

hello to all!

I recently set up m0n0wall on an old PII system with 4 NICs and it is functioning well in terms of hardware. Now I find myself at odds in configuring it to pass HTTP requests to the DMZ on my network. I have 2 Sun Raq 4 server web appliances on the DMZ and I'm not able to see them on the web. I'm running 2 dynamic DNS host names at DynDNS, and so far I'm able to see the IP of my WAN register on the DynDNS website.

I had configured the dynamic DNS service, and as far as I can tell that works, but whenever I type in my hostname I can't see my HTTP service.

NETWORK SETUP:

LAN Clients ---------- LAN IP 192.168.1.1    MONOWALL    WAN X.X.X.X ---------- Internet
                                                |     |
SQL SERVER ---------- SECURE IP 192.168.3.1 ----|     |
                                                      |
                                           DMZ IP 192.168.2.1 ---- WEB SERVERS

Here is my current setup for Inbound NAT:

If    Proto   Ext port range   NAT IP         Int port range   Description
WAN   TCP     21 (FTP)         192.168.2.11   21 (FTP)         BlueQuartz 1 ftp
WAN   TCP     25 (SMTP)        192.168.2.11   25 (SMTP)        Bluequartz 1 smtp
WAN   TCP     80 (HTTP)        192.168.2.11   80 (HTTP)        Bluequartz 1 http

WAN   TCP     80 (HTTP)        192.168.2.10   80 (HTTP)        Bluequartz 2 http

I had firewall rules created automatically for them. I haven't used the DNS forwarder; I don't really understand it and I haven't found any detailed info on the m0n0wall documentation site.

Any ideas how to set this up, and should I use an internal DNS to resolve my IPs on the DMZ? I hope I've made sense here; I'm new to open source so bear with me.

Alien girl Out, thanks!
« Reply #1 on: June 19, 2007, 15:45:46 »
markb ****
Posts: 331

Hi.
As far as I know you can only have 1 NAT rule per port, i.e. you have 2 entries for HTTP. How is it supposed to know where to go? If you want to have more than one web server on your DMZ I believe that you would need to get some public IP addresses and bridge your WAN and DMZ interfaces (don't quote me on the last bit though, because I've never done it :) )

Hope this helps

Mark.
« Reply #2 on: June 20, 2007, 17:15:23 »
aliengirl *
Posts: 2

Thanks markb, I'll give it a try. I didn't think about bridging the WAN to the DMZ though, thanks for the input.

Aliengirl out!
« Reply #3 on: June 20, 2007, 17:35:13 »
markb ****
Posts: 331

Check out http://doc.m0n0.ch/handbook/examples-filtered-bridge.html; this should give you a starting point for the bridge.
« Reply #4 on: June 21, 2007, 04:23:13 »
cmb *****
Posts: 851

Unless you want to use a bridge setup for some reason (it doesn't sound like you have adequate public IPs for that), you need NAT rules and firewall rules to permit traffic through the NAT rules. The traffic you're permitting isn't going anywhere because you don't have corresponding NAT rules.

And, you can't open port 80 to two different machines on a single public IP with any NAT device.
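The two points raised in the replies above, as an added example that is not part of the thread and not m0n0wall code: a small consistency check over an inbound NAT table that flags one external port forwarded to more than one internal host, and NAT rules that have no matching WAN firewall pass rule. The NAT table is the one from the original post; the firewall rule list is a constructed sample that assumes the auto-generated rules match on interface, protocol, NAT IP and internal port.

```python
# Added example (not m0n0wall code): consistency checks for inbound NAT rules.
#   1. One external (interface, proto, port) tuple can map to only ONE
#      internal host on a single public IP; a second mapping is ambiguous.
#   2. A NAT rule only forwards traffic if a firewall rule on the WAN
#      interface also permits it; otherwise the filter drops it.
from collections import defaultdict

# Sample input taken from the original post's Inbound NAT table.
NAT_RULES = [
    # (interface, proto, ext_port, nat_ip, int_port, description)
    ("WAN", "TCP", 21, "192.168.2.11", 21, "BlueQuartz 1 ftp"),
    ("WAN", "TCP", 25, "192.168.2.11", 25, "Bluequartz 1 smtp"),
    ("WAN", "TCP", 80, "192.168.2.11", 80, "Bluequartz 1 http"),
    ("WAN", "TCP", 80, "192.168.2.10", 80, "Bluequartz 2 http"),
]

# Constructed sample: auto-generated WAN pass rules, assumed to be keyed on
# (interface, proto, destination NAT IP, internal port). The fourth NAT rule
# deliberately has no matching pass rule.
FIREWALL_RULES = [
    ("WAN", "TCP", "192.168.2.11", 21),
    ("WAN", "TCP", "192.168.2.11", 25),
    ("WAN", "TCP", "192.168.2.11", 80),
]


def conflicting_forwards(nat_rules):
    """Map each (iface, proto, ext_port) forwarded to >1 host to its hosts."""
    targets = defaultdict(set)
    for iface, proto, ext_port, nat_ip, _int_port, _desc in nat_rules:
        targets[(iface, proto, ext_port)].add(nat_ip)
    return {key: sorted(hosts) for key, hosts in targets.items() if len(hosts) > 1}


def forwards_without_pass_rule(nat_rules, fw_rules):
    """Return descriptions of NAT rules that no firewall rule permits."""
    allowed = set(fw_rules)
    return [desc for iface, proto, _ext, nat_ip, int_port, desc in nat_rules
            if (iface, proto, nat_ip, int_port) not in allowed]


if __name__ == "__main__":
    print("ambiguous forwards:", conflicting_forwards(NAT_RULES))
    print("NAT rules with no pass rule:",
          forwards_without_pass_rule(NAT_RULES, FIREWALL_RULES))
```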