BSD Wiz wrote: > > ah, i don't have any 1:1 nat entries, or static routes for this firewall > issue. so when the traffic hits the WAN interface perhaps it's not > always finding it's way to the voip box in the dmz? > > i have added a 1:1 mapping as follows: > > Interface External IP Internal IP > Description > > WAN 216.181.136.7/32 10.0.0.1/32 VoIP Box > > > > where 10.0.0.1/32 is the ip of the DMZ interface. > > should that be sufficient? > > i can see why some of the traffic was not making it through since i only > had a rule to allow traffic from 216.181.136.7 but no port forwarding, > static routes or 1:1 nat entries.
seems reasonable to me, you should know if it's working by testing. use tcpdump on firewall, on each interface in turn to see traffic flow... use "tcpdump -ln port XXX" to limit the amount of traffic you sniff. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]