Hello. I've been messing around with this for several weeks, but I can't seem to find any kind of solution at all. I have three interfaces on my m0n0wall PC (IDE version): WAN, LAN, and OPT1. LAN to WAN and OPT1 to WAN work perfectly - both interfaces obey all filter rules and whatnot. However, OPT1 to LAN doesn't work as expected at all.

WAN IP is 192.168.0.2
LAN IP is 192.168.1.1
OPT1 IP is 192.168.2.1

There is no bridging in place. There are two scenarios I can use:

First, with no static route in place, m0n0wall will deny traffic to the LAN even if there's a rule in place to explicitly pass it. For example, I can make a rule that says PASS OPT1 TCP traffic from 192.168.2.100 port 1000 to 192.168.1.100 port 1000, then watch as the communication fails. Upon reviewing the firewall log, I'll see an entry that says that OPT1 TCP traffic was DENIED from 192.168.2.100 port 1000 to 192.168.1.100 port 1000 by the default rule.

The second scenario involves creating a static route for the OPT1 interface. It passes traffic destined for 192.168.1.X to gateway 192.168.2.1. When this is in effect, all traffic passes and everything works great, except it doesn't obey any filter rules on the LAN interface. I can DENY traffic to port 1024 on 192.168.1.100 but be able to connect to that port just fine from a PC on the OPT1 interface. Even denying all traffic from the interface has no effect.

Regardless of either situation, ICMP traffic is not affected by this issue (I can ping from anything to anything). I'm totally stumped on this. My current ruleset is (for troubleshooting purposes)

OPT1: allow any from OPT1 subnet to any
LAN: allow any from LAN subnet to any

Yet, all traffic is still blocked from OPT1 to LAN. Please help!!