I've got what should be a simple problem, but I can't seem to understand how m0n0 handles rules to get it accomplished.

SITUATION:
My office is on interface LAN. My clients are on interface OPT1. I don't want my clients getting into LAN. However, they need to use my SMTP server, which is on LAN.

IMPLEMENTATION:

LAN interface rules:

    Proto  Source    Port  Destination  Port  Description
    ---------------------------------------------------------------
    *      LAN net   *     *            *     Default LAN -> any

OPT1 interface rules:

    Proto  Source    Port       Destination   Port       Description
    ----------------------------------------------------------------------------------
    TCP    OPT1 net  25 (SMTP)  192.168.1.50  25 (SMTP)  OPT1 SMTP -> LAN linux box
    *      *         *          LAN net       *          blocks access from OPT1 to LAN
    *      OPT1 net  *          *             *          Allows internet access for OPT1

PROBLEM:
If I enable the 2nd OPT1 rule, which is a block rule, it blocks all traffic to LAN, even the rule above it to allow SMTP traffic to pass. I thought m0n0wall processed rules from the top down, giving rules on top priority.

I need to find some way to block OPT1 users from accessing LAN, except for SMTP, but allow them Internet access via WAN.

Any help/ideas would be GREATLY appreciated.

Thanks.
Joe Halogen8
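Added example, not part of the post above and not m0n0wall's own code: a small first-match, top-down evaluator for one interface's rule table, assuming (as the poster expects) that the first matching rule decides. It loads the OPT1 table exactly as posted, where the pass rule carries source port 25, beside the same table with that source port left as any, and checks how a client SMTP connection from an ephemeral source port, an outbound web request and a connection to another LAN host fare under each; the network membership and addresses are constructed.

```python
# Added example (not m0n0wall's code): a minimal first-match, top-down rule
# evaluator that models one interface's rule table. Network membership here
# is constructed for the two interfaces named in the post.
from collections import namedtuple

ANY = "*"
# Fields mirror the rule table columns: action, proto, source, source port,
# destination, destination port, description.
Rule = namedtuple("Rule", "action proto src sport dst dport desc")
NETS = {"OPT1 net": {"192.168.2.10"}, "LAN net": {"192.168.1.50", "192.168.1.20"}}

def _match(pattern, value):
    if pattern == ANY:
        return True
    if pattern in NETS:               # a named network matches any member address
        return value in NETS[pattern]
    return pattern == value

def evaluate(rules, proto, src, sport, dst, dport):
    """First matching rule wins; no match falls through to the implicit default deny."""
    for r in rules:
        if all([_match(r.proto, proto), _match(r.src, src), _match(r.sport, str(sport)),
                _match(r.dst, dst), _match(r.dport, str(dport))]):
            return r.action, r.desc
    return "block", "implicit default deny"

# OPT1 rules exactly as posted: the pass rule requires *source* port 25.
OPT1_AS_POSTED = [
    Rule("pass", "tcp", "OPT1 net", "25", "192.168.1.50", "25", "OPT1 SMTP -> LAN linux box"),
    Rule("block", ANY, ANY, ANY, "LAN net", ANY, "blocks access from OPT1 to LAN"),
    Rule("pass", ANY, "OPT1 net", ANY, ANY, ANY, "Allows internet access for OPT1"),
]
# The same table with the pass rule's source port left as any.
OPT1_SRC_ANY = [OPT1_AS_POSTED[0]._replace(sport=ANY)] + OPT1_AS_POSTED[1:]

def client_smtp(rules):
    # A client opening an SMTP session uses an ephemeral source port, not 25.
    return evaluate(rules, "tcp", "192.168.2.10", 51234, "192.168.1.50", 25)

def client_web(rules):
    # Outbound web traffic to a (constructed) Internet address.
    return evaluate(rules, "tcp", "192.168.2.10", 51235, "203.0.113.7", 80)

def client_other_lan(rules):
    # Any other LAN host should stay blocked under both tables.
    return evaluate(rules, "tcp", "192.168.2.10", 51236, "192.168.1.20", 80)
```

Under the table as posted the SMTP connection falls through the pass rule (its source port is not 25) and hits the block rule; with the source port set to any it matches the pass rule first, while Internet traffic still passes and other LAN hosts stay blocked in both cases.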