Firewall blocks traffic from dmz/lan to wan address

  • Hello community,

    could someone please help me?
    In (2) you can find my rules for the DMZ,
    but when I look at the logs (2) I find that the traffic is rejected.

    What is my mistake?

    In the DMZ I have a webserver which tries to update via (apt-get update).

  • Your second rule is wrong - you are only allowing HTTP to the WAN IP; you want to make that 'any', I think.

  • But doesn't 'any' mean -> LAN, WAN, DMZ, ...?

    I just want to allow port 80 to WAN and not to LAN.

  • Ah, you didn't say that, sorry.  So, yes, you are correct.  I think you need two rules then:

    deny from DMZ to the subnet for LAN (not at my box, so I can't tell you the syntax) and then the allow to any?

  • BTW, if you only have the 2 subnets (LAN and DMZ), I think you can do with 1 rule after all.  E.g. for the destination, you pick in the pull-down menu "LAN subnet" and check the checkbox that says "not".  I think this will then allow any outbound HTTP as long as it is not aimed at the LAN subnet.

  • OK, I'll try; thanks for your help.

    Very strange solution, but I think it must work???

    Thx :-)

    But the question is still there: why doesn't it work with "WAN address"?

  • Because specifying "WAN address" means: "filter if the destination is the WAN address".  In this case, the WAN address is the gateway, not the destination.  Nothing strange about this.
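The rule logic worked out in the thread, as an added Python model that is not code from the thread or from the firewall product: it evaluates a DMZ ruleset first-match with a default deny, the way interface rules are evaluated, and shows why a destination of "WAN address" never matches the webserver's apt-get traffic (the packet's destination is the mirror, the WAN IP is only the gateway), while "not LAN subnet", or the block-then-pass pair, lets it through and still blocks the LAN. The subnets, the firewall's WAN IP and the mirror IP are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed topology (assumed for the example, not taken from the thread).
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
DMZ_SUBNET = ipaddress.ip_network("192.168.2.0/24")
WAN_IP = ipaddress.ip_address("203.0.113.5")          # the firewall's own WAN address
WAN_ADDRESS = ipaddress.ip_network("203.0.113.5/32")  # what "WAN address" means as a rule destination
ANY = ipaddress.ip_network("0.0.0.0/0")

DMZ_WEBSERVER = ipaddress.ip_address("192.168.2.10")
LAN_HOST = ipaddress.ip_address("192.168.1.20")
APT_MIRROR = ipaddress.ip_address("198.51.100.20")    # a public package mirror (constructed)


@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]            # None means any destination port
    dst_not: bool = False           # the GUI's "not" checkbox on the destination


def rule_matches(rule: Rule, src: ipaddress.IPv4Address,
                 dst: ipaddress.IPv4Address, dport: int) -> bool:
    """True if the packet (src, dst, dport) is selected by this rule."""
    if src not in rule.src:
        return False
    dst_in = dst in rule.dst
    # With dst_not set, the rule only matches destinations *outside* rule.dst.
    if dst_in == rule.dst_not:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True


def evaluate(rules: List[Rule], src: ipaddress.IPv4Address,
             dst: ipaddress.IPv4Address, dport: int, default: str = "block") -> str:
    """First matching rule wins; no match falls through to the default deny."""
    for rule in rules:
        if rule_matches(rule, src, dst, dport):
            return rule.action
    return default


def original_rules() -> List[Rule]:
    # The poster's rule: pass HTTP from the DMZ only to "WAN address".
    return [Rule("pass", DMZ_SUBNET, WAN_ADDRESS, 80)]


def one_rule_fix() -> List[Rule]:
    # Single rule with "not" checked: pass HTTP from DMZ to anything except the LAN subnet.
    return [Rule("pass", DMZ_SUBNET, LAN_SUBNET, 80, dst_not=True)]


def two_rule_fix() -> List[Rule]:
    # Equivalent pair: block DMZ -> LAN first, then pass HTTP from DMZ to any.
    return [Rule("block", DMZ_SUBNET, LAN_SUBNET, None),
            Rule("pass", DMZ_SUBNET, ANY, 80)]


if __name__ == "__main__":
    for name, rules in (("original", original_rules()),
                        ("one-rule fix", one_rule_fix()),
                        ("two-rule fix", two_rule_fix())):
        print(f"{name:13s} webserver->mirror:80 = {evaluate(rules, DMZ_WEBSERVER, APT_MIRROR, 80):5s}  "
              f"webserver->LAN host:80 = {evaluate(rules, DMZ_WEBSERVER, LAN_HOST, 80)}")
```

Running it shows the original ruleset blocking the update fetch (the only thing it would pass is traffic addressed to the firewall's WAN IP itself), while both fixes pass the fetch and block the LAN host. A caveat beyond the thread: apt-get also needs name resolution (port 53) and, for HTTPS mirrors, port 443, so those ports need the same "not LAN subnet" treatment.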

