RP Smith wrote:
>>The "trusted" network can connect to the untrusted network,
>>but the untrusted network can't talk to the trusted network.
>What rules do you have to accomplish the above? Also, if you VPN to the
>m0n0wal, can you get to both networks thru the VPN? If so, how do you make that work?
LAN has 192.168.0.0/24
OPT1 has 192.168.1.0/24
LAN has a normal "LAN --> ANY" rule.
OPT1 has a "If destination is not 192.168.0.0/24, allow all" rule.
I also have PPTP listening on m0n0wall, someone from OPT1 (or WAN) can
PPTP into m0n0wall, the PPTP VPN can communicate with both LAN and OPT1.
Since the firewall rules are stateful, once LAN establishes a TCP
connection to OPT1, the traffic is allowed to go both ways, but a OPT1
machine can't establish a connection to LAN.
And sometimes I park, in handicapped spaces,
While handicapped people, make handicapped faces!
-- Denis Leary