Hi
I am unsure about the function of DMZ on my network. I have set the following set (pf,DNAT,Masquerading)
Private_Lan = 192.168.2.0/24 (IPs assigned via DHCP)
DMZ= 172.16.1.0/24 (IPs assigned via DHCP)
1.DMZ (Network)->Private_Lan (Network)--> Drop and Log
2.DMZ (Network)->Metal zone radio station-->Allow
3. DMZ (Network)->Metal zone radio station port->Metal zone radio station-->Allow
4,5,6,7. Private_Lan (Network)->vpn/DNS-> Allow (rules to allow vpn)
8. Any->utorrent port->utorrent client-->Allow
9,10. Utorrent client->TCP,UDP outgoing connection ports ->any-->Allow
11. Private_Lan (Network)->Any->DMZ ( Network)-->Allow
12.Private_Lan (Network)->IM traffic->Any-->Allow
13.Private_Lan (Network)->web traffic->Any-->Allow
14.Private_Lan (Network)->DMZ (Network)-->Allow
15.DMZ (Network)->IM traffic->Any-->Allow
16.DMZ (Network)->web traffic->Any-->Allow
Masquerading
-----------------
DMZ->Wan interface
DNAT
----------------
Traffic selector: Any → utorrent → WAN Traffic (Address)
Destination translation: uttorent PC
However there is no masquerading rule wth regards to Private network? Should I set one for Private_Lan-->DMZ? Sorry guys but I am really confused. My impression is that Private_Lan should have access via the DMZ and directly to the internet. DMZ should have access to the internet but no the Private_Lan. Could you please point any errors with regards to the DMZ Zone?
I also get a ICMP redirect host alert from the IPS
source: 172.16.1.1 (Gateway defined on the DHCP pool for DMZ Zone) and destination: 172.16.1.2 (client is running utorrent).Utorrent works fine at the client with DNAT defined above
This thread was automatically locked due to age.
