Joe, in your "blocks access from OPT1 to LAN" rule, have you tried changing the source from * to Opt1 Net?

-Bryan

> -----Original Message-----
> From: Joe Lagreca [mailto:lagreca at gmail dot com]
> Sent: Friday, November 19, 2004 10:51 PM
> To: Monowall List
> Subject: [m0n0wall] rule functionality clarification
>
> I've got what should be a simple problem, but I can't seem to
> understand how m0n0 handles rules to get it accomplished.
>
> SITUATION: My office is on interface LAN. My clients are on
> interface OPT1. I don't want my clients getting into LAN. However
> they need to use my SMTP server which is on LAN.
>
> IMPLEMENTATION:
>
> LAN interface rules:
> Proto  Source    Port       Destination   Port       Description
> ------------------------------------------------------------------------
> *      LAN net   *          *             *          Default LAN -> any
>
> OPT1 interface rules:
> Proto  Source    Port       Destination   Port       Description
> ------------------------------------------------------------------------
> TCP    OPT1 net  25 (SMTP)  192.168.1.50  25 (SMTP)  OPT1 SMTP -> LAN linux box
> *      *         *          LAN net       *          blocks access from OPT1 to LAN
> *      OPT1 net  *          *             *          Allows internet access for OPT1
>
> PROBLEM: If I enable the 2nd OPT1 rule, which is a block rule, it
> blocks all traffic to LAN, even the rule above it to allow SMTP
> traffic to pass. I thought m0n0wall processed rules from the top
> down, giving rules on top priority.
>
> I need to find some way to block OPT1 users from accessing LAN, except
> for SMTP, but allow them Internet access via WAN. Any help/ideas
> would be GREATLY appreciated. Thanks.
>
> Joe
> Halogen8
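
Added example, not part of either message and not m0n0wall code: a simplified first-match model of the OPT1 rule table as listed above, showing which rule a client's SMTP connection actually hits. The OPT1 and LAN subnets, the client address and the ephemeral source ports are assumptions; only 192.168.1.50 and the rule fields come from the post.

```python
import ipaddress

# Assumed subnets (not stated in the thread); only 192.168.1.50 is from the post.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
OPT1_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = None  # stands for "*" in the rule table

# OPT1 interface rules in the order listed in the post:
# (action, proto, source, source port, destination, destination port, description)
OPT1_RULES = [
    ("pass", "tcp", OPT1_NET, 25, ipaddress.ip_network("192.168.1.50/32"), 25,
     "OPT1 SMTP -> LAN linux box"),
    ("block", ANY, ANY, ANY, LAN_NET, ANY, "blocks access from OPT1 to LAN"),
    ("pass", ANY, OPT1_NET, ANY, ANY, ANY, "Allows internet access for OPT1"),
]

def _net_ok(rule_net, addr):
    return rule_net is ANY or ipaddress.ip_address(addr) in rule_net

def _eq_ok(rule_val, val):
    return rule_val is ANY or rule_val == val

def evaluate(rules, proto, src, sport, dst, dport):
    """Return (action, description) of the first matching rule; deny if none match."""
    for action, r_proto, r_src, r_sport, r_dst, r_dport, desc in rules:
        if (_eq_ok(r_proto, proto) and _net_ok(r_src, src) and _eq_ok(r_sport, sport)
                and _net_ok(r_dst, dst) and _eq_ok(r_dport, dport)):
            return action, desc
    return "block", "implicit default deny"

def with_any_source_port(rules):
    """Same rule set, but the SMTP pass rule matches any source port."""
    fixed = list(rules)
    action, proto, src, _, dst, dport, desc = fixed[0]
    fixed[0] = (action, proto, src, ANY, dst, dport, desc)
    return fixed

if __name__ == "__main__":
    # Constructed packet: mail client on OPT1 using an ephemeral source port.
    smtp = ("tcp", "192.168.2.10", 49152, "192.168.1.50", 25)
    print("as posted:      ", evaluate(OPT1_RULES, *smtp))
    print("source port = *:", evaluate(with_any_source_port(OPT1_RULES), *smtp))
    print("other LAN host: ", evaluate(with_any_source_port(OPT1_RULES),
                                       "tcp", "192.168.2.10", 49153, "192.168.1.20", 445))
    print("internet:       ", evaluate(with_any_source_port(OPT1_RULES),
                                       "tcp", "192.168.2.10", 49154, "203.0.113.5", 80))
```

In this model the first rule only matches packets whose source port is 25, so a normal client connection falls through to the block rule even though evaluation is top-down; with the source port set to `*` the same connection is passed while the rest of LAN stays blocked.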