On Wednesday, July 16, 2003, at 06:05 AM, Mohammad Reza wrote:
> dear list
> me and my team build firewall with nice tool fwbuilder, but can
> someone give me any idea, why cant we acces dmz from lan ?
> i attach my last configuration..please help
can you access web servers on the Internet ?
your policy permits only outbound connections from internal LAN on TCP
port 80 (http) and nothing else. At the same time, your NAT rules
intercept this type of connections and redirect them to the transparent
proxy on the firewall, on port 3128. So, when you connect to the web
server on DMZ, your connection gets redirected to the proxy. There is
no rule to permit connections to port 3128 on the firewall, so the
connection can not be established.