James W. McKeand wrote:
> These two rules logically state: Traffic on the LAN interface from the LAN subnet
> is allowed to anywhere *BUT* the OPT1 subnet. And traffic on the OPT1 interface from
> the OPT1 subnet is allowed to anywhere *BUT* the LAN subnet.
I have the exact same problem, but I have 2 OPT interfaces, so your solution does not work for me.
You seem to be very good at this "logic of rulez", do you have a suggestion for how I should solve
the problem, because my head is spinning and I have to read everything 10 times to be sure it's
secure.
The system is PC based with 4 interfaces:
WAN with a /27 subnet.
LAN with administrative hosts (ADMIN)
OPT1 with hosts that do software development, project A (PROJA)
OPT2 with hosts that do software development, project B (PROJB)
Everybody should have somewhat unlimited internet access, and no traffic between ADMIN, PROJA, PROJB
is necessary, they could in theory have 3 separate internet connections.
This is my first post here, and I'm simply impressed by the people here, and by m0n0wall in general.
Best regards
Ulrik Lunddahl
Sales Manager - Salgschef
PROconsult Data A/S - Rugårdsvej 15 - 5000 Odense C
Tel: +45 63113333 - Tel dir: +45 63113341 - Mobil: +45 26363341 - Fax: +45 63113344
E-mail: ul at proconsult dot dk - Web site: www.proconsult.dk
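
Added example, not part of the original post or of m0n0wall itself: a small rule simulator that checks the quoted "anywhere *BUT* one subnet" rule against three internal segments, next to a block-then-pass rule set that isolates all of them. The subnets, the helper names and the evaluation model (per-interface rules, first match wins, default deny) are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (assumption; the post gives no internal subnets).
NETS = {
    "LAN":  ipaddress.ip_network("192.168.1.0/24"),   # ADMIN
    "OPT1": ipaddress.ip_network("192.168.2.0/24"),   # PROJA
    "OPT2": ipaddress.ip_network("192.168.3.0/24"),   # PROJB
}
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(action, src, dst, negate_dst=False):
    return {"action": action, "src": src, "dst": dst, "negate_dst": negate_dst}

def evaluate(rules, src_ip, dst_ip):
    """Assumed model: first matching rule wins, no match means block."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        dst_hit = (dst in r["dst"]) != r["negate_dst"]
        if src in r["src"] and dst_hit:
            return r["action"]
    return "block"

def single_not_rules(iface, excluded):
    """The quoted approach: pass to anywhere but ONE other subnet."""
    return [rule("pass", NETS[iface], NETS[excluded], negate_dst=True)]

def isolated_rules(iface):
    """Block every other internal subnet first, then pass everything else."""
    blocks = [rule("block", NETS[iface], net)
              for name, net in NETS.items() if name != iface]
    return blocks + [rule("pass", NETS[iface], ANY)]

def leaks(rulesets):
    """List (source, destination) segment pairs whose traffic is passed."""
    found = []
    for s, rules in rulesets.items():
        for d in NETS:
            if s != d and evaluate(rules, str(NETS[s][10]), str(NETS[d][10])) == "pass":
                found.append((s, d))
    return found

# One negated destination per interface cannot exclude two other segments.
NAIVE = {"LAN": single_not_rules("LAN", "OPT1"),
         "OPT1": single_not_rules("OPT1", "LAN"),
         "OPT2": single_not_rules("OPT2", "LAN")}
ISOLATED = {name: isolated_rules(name) for name in NETS}
```

`leaks(NAIVE)` lists the segment pairs that a single negated destination leaves open, while `leaks(ISOLATED)` is empty and Internet-bound traffic still passes.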