Simple DMZ routing issue
-
Basic setup… WAN is Internet routable, LAN is a routable DMZ and OPT1 is a non-routable subnet.
OPT1 can easily hit the internet
LAN can hit the internet, and the internet can hit it
OPT1 can not do anything to the LAN subnet, not even ping the GW
OPT1 can ping to the WAN subnetAm I missing a NAT rule... when I sniff on the LAN port I don;t see anything coming from the OPT1 subnet
Thanks in advance.
-
Open the Lan interface for the Opt, so that you can ping from Opt to Lan but not the other way round.
-
I already have that done. In the LAN rules I have a rule for source OPT1-net to any with logging enabled.
What is weird is that there are NO drop or reject messages in the firewall log, though I do see the traffic being allowed out from the OPT1 interface.
When sniffing I never see the traffic on the LAN interface. it's almost like the traffic isn't being routed. All boxes use the firewall as the gateway, so I would expect the see something. It's almost like I am missing a setting that would allow routing. I am not blocking RFC 1918 addresses.
-
I figured it out… reboot the firewall!
Thanks
Erik -
Perfect. I am happy to hear that. ;)