> Now that my system is FINALLY up and working at 95%, there is one thing not
> behaving as expected.  I have been looking thru my doc links, trying to find
> a reference to this, and came up blank.  I thought I had read somewhere that
> the default behavior was to allow all traffic from Internal to DMZ ---
> useful for managing the servers that live there; but disallowing
> DMZ-initiated traffic back into the Internal network.

This is how things are supposed to work.  The internal net to DMZ connection
is made by masquerading the internal net to the IP of the firewall, so
outbound stuff from the internal net to the DMZ is allowed, but the DMZ
systems cannot directly see the internal network.

> Here's what I am getting:
>
> Jun 25 06:42:16 cuinn kernel: Packet log: forward DENY eth1 PROTO=6 64.81.226.171:80 192.168.1.201:2539 L=48 S=0x00 I=1095 F=0x4000 T=63 (#41)
>
> For everything, including pings and UDP...
>
> Filters (I'm still no ace at reading this):

For whatever reason, there is no masquerade rule in the forward chain
hooking the internal net to the DMZ...there's just the 'global' masquerade
rule for the internet (on eth0).  Post or e-mail your /etc/ipfilter.conf and
I'll take a look at it...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
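
Added example (not part of the original message and not LEAF project code): a small Python parser for the ipchains "Packet log:" line quoted in the thread, decoding each field so the denied packet can be read at a glance. The function names and the port-based `looks_like_reply` heuristic are assumptions made for illustration.

```python
import re

# Layout of a Linux 2.2 ipchains "Packet log:" line (written for rules with -l).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<rest>.*?)\(#(?P<rule>\d+)\)"
)
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_packet_log(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        f[key] = int(f[key])   # for ICMP the "ports" are type and code
    f["proto_name"] = PROTOS.get(f["proto"], str(f["proto"]))
    f["dont_fragment"] = bool(int(f["frag"], 16) & 0x4000)   # DF bit in F=
    f["syn"] = "SYN" in f.pop("rest").split()   # marker for connection-opening TCP
    # On the input chain the interface is where the packet arrived; on the
    # forward and output chains it is where the packet was about to leave.
    f["iface_role"] = "in" if f["chain"] == "input" else "out"
    return f

def looks_like_reply(f):
    """Heuristic (assumption): TCP without SYN, from a well-known port to a high port."""
    return f["proto"] == 6 and not f["syn"] and f["sport"] < 1024 <= f["dport"]

# The log line quoted in the message above, rejoined onto one line.
SAMPLE = ("Jun 25 06:42:16 cuinn kernel: Packet log: forward DENY eth1 PROTO=6 "
          "64.81.226.171:80 192.168.1.201:2539 L=48 S=0x00 I=1095 F=0x4000 T=63 (#41)")

if __name__ == "__main__":
    f = parse_packet_log(SAMPLE)
    print("%(chain)s %(action)s via %(iface)s (%(iface_role)s), rule #%(rule)d" % f)
    print("%(proto_name)s %(src)s:%(sport)d -> %(dst)s:%(dport)d" % f)
    print("reply traffic:", looks_like_reply(f))
```

For the quoted line this shows TCP from port 80 on 64.81.226.171 heading to a high port on 192.168.1.201, denied by rule 41 of the forward chain on its way out of eth1, which is the return half of an internally initiated connection that was never masqueraded.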
