 From:  Kolia <nika at hotmail dot ge>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch, m0n0wall at lists dot m0n0 dot ch
 Subject:  Transparent bridge
 Date:  Wed, 14 Jul 2004 18:34:04 +0400
I modified the '/etc/rc' script slightly and sent the output of 'ipfstat -i' and
'ipfstat -o' to the display, and here's what I got:

>>>> Input rules
pass in quick on lo0 from any to any
block in log quick from any to any with short
block in log quick from any to any with ipopt
pass in quick on xl0 proto udp from any port = 68 to 255.255.255.255/32 port = 67
pass in quick on xl0 proto udp from any port = 68 to <LAN IP> port = 67
block in log quick on xl1 from <LAN Net> to any
block in log quick on xl1 proto udp from any port = 67 to <LAN Net> port = 68
pass in quick on xl1 proto udp from any port = 67 to any port = 68
block in log quick on xl0 from !<LAN Net> to any

<<<< Output rules
pass out quick on lo0 from any to any
pass out quick on xl0 proto udp from <LAN IP> port = 67 to any port = 68
pass out quick on xl1 proto udp from any port =68 to any port = 67

As you can see, there's no rule that allows access to the LAN port, i.e.
something like this:

pass in quick from <LAN Net> to <LAN IP> keep state group 100
pass in quick from <LAN Net> to any keep state group 100

plus a similar allow rule for output packets.

It seems that there's some bug in the bridge filter processing PHP script,
because everything works fine if I assign an IP address to the OPT1
interface and do not use bridging.

Any ideas?

Kolia