Firewall blocks traffic from dmz/lan to wan address
-
Hello community,
could someone please help me?
In (2) you can find my rules for the DMZ,
but when I look in the logs (2) I find that traffic is rejected. Could someone please help me?
What is my fault? In the DMZ I have a webserver which tries to update via (apt-get update).
-
Your second rule is wrong - you are only allowing http to the WAN IP, you want to make that 'any', I think.
-
But doesn't 'any' mean -> LAN, WAN, DMZ, ...?
I just want to allow port 80 to WAN and not to LAN.
-
Ah, you didn't say that, sorry. So, yes, you are correct. I think you need two rules then:
deny from DMZ to the subnet for LAN (not at my box, so I can't tell you the syntax) and then the allow to any?
-
BTW, if you only have the 2 subnets (LAN and DMZ), I think you can do with 1 rule after all. E.g. for the destination, you pick in the pull-down menu "LAN subnet", and check the checkbox that says "not". I think this will then allow any outbound HTTP as long as it is not aimed at the LAN subnet.
-
OK, I'll try, thanks for your help.
Very strange solution, but I think it must work???
Thx :-)
But the question is still there: why doesn't it work with: WAN address?
-
Because specifying "WAN address" means: "filter if the destination is the WAN address". In this case, the WAN address is the gateway, not the destination. Nothing strange about this.
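Added example (not part of the thread and not the firewall's own code): a simplified first-match rule evaluator that shows why a rule with destination "WAN address" never matches apt-get traffic, and how "any" and "not LAN subnet" behave instead. The addresses, the alias table and the default-deny fall-through are assumptions made for illustration; source and protocol matching are left out.

```python
import ipaddress

# Constructed addressing for illustration (not taken from the thread).
ALIASES = {
    "WAN address": ipaddress.ip_network("203.0.113.2/32"),  # the firewall's own WAN IP
    "LAN subnet": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ subnet": ipaddress.ip_network("192.168.2.0/24"),
    "any": ipaddress.ip_network("0.0.0.0/0"),
}

def dest_matches(spec, dst_ip):
    """spec is an alias name, prefixed with '!' when the 'not' checkbox is set."""
    negate = spec.startswith("!")
    net = ALIASES[spec.lstrip("!")]
    hit = ipaddress.ip_address(dst_ip) in net
    return hit != negate

def evaluate(rules, dst_ip, dst_port):
    """First matching rule wins; no match falls through to the assumed default deny."""
    for action, dest, port in rules:
        if dest_matches(dest, dst_ip) and port in (dst_port, None):
            return action
    return "block"

# Rules on the DMZ interface: (action, destination, destination port)
ORIGINAL = [("pass", "WAN address", 80)]  # the rule from the question
ANY_DEST = [("pass", "any", 80)]          # first suggestion: also opens the LAN
NOT_LAN = [("pass", "!LAN subnet", 80)]   # single rule with the 'not' checkbox

MIRROR = "198.51.100.10"   # constructed address standing in for an apt mirror
LAN_HOST = "192.168.1.50"  # constructed LAN host

def summary():
    """Return {ruleset: (verdict for mirror:80, verdict for LAN host:80)}."""
    sets = (("original", ORIGINAL), ("any", ANY_DEST), ("not_lan", NOT_LAN))
    return {name: (evaluate(r, MIRROR, 80), evaluate(r, LAN_HOST, 80))
            for name, r in sets}

if __name__ == "__main__":
    for name, (mirror, lan) in summary().items():
        print(f"{name:9} mirror:80 -> {mirror:5}  lan:80 -> {lan}")
```

The packet's destination is the mirror's IP, never the firewall's WAN IP, so only the second and third rule sets let the update through, and only the third also keeps the LAN closed.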