Thanks for the reply.
Curious, do you have inbound rules also, and can you ?
In other firewalls I work with I normally see an IPSec interface or tunnel
reference in rule options so that you can map rules from and to the tunnel, but
I guess m0n0 doesn't do it that way.
I'll give this a shot as soon as I can. I really appreciate the insight.
FWIW, I normally set LAN -> Internet traffic to only what the user needs, for
safe internetting :)
Quoting Rick Preston <rickjpreston at gmail dot com>:
> Hi Bill,
> Why not try these rules
> allow tcp lannet * 192.168.1.0 80
> allow icmp lannet * 192.168.1.0 *
> I don't use the default LAN rule and this is what I have to access my
> good luck and have fun,
> On Fri, 19 Nov 2004 15:18:05 -0500, Bill Hamel <billh at bugs dot hamel dot net> wrote:
> > Hello all,
> > I have a m0n0 1.11 configured with an IPSec Tunnel to a Watchguard Firebox
> > III/700.
> > The tunnels appear to be up.
> > Only using ping and HTTP at this point for tests. The WAN port of each end
> > traverses the internet.
> > Network A = 10.10.80.0/24 (m0n0wall)
> > Network B = 192.168.1.0/24 (Watchguard Firebox)
> > From anything on "B" you can ping and HTTP to "A" (The m0n0 LAN interface)
> > From anything "A" you cannot ping or HTTP to anything on "B"
> > The tunnel must be up else I would not be seeing pings in one of the
> > with SRC and DST in private IP space. Not to mention the m0n0 in diag show
> > session active.
> > Going out on a limb I'll say that the rules on the Watchguard are correct
> > because I have VPN's running to other devices (non-m0n0) just fine.
> > So this raises the question, I read in the manual and saw that the m0n0
> > its own rules when creating an IPSEC tunnel, which I don't see in the
> > Section but in the Diag section I see what appear to be rules (maybe).
> > I did set up a rule for ESP just for kicks, but it didn't seem to change
> > anything.
> > Is there a ruleset I am missing or something ? I have the default
> > rule setup as well as allowing ESP from any source to the WAN IP of the
> > Any insight or smacks in the head would be appreciated at this point
> > because my eyes are crossing :)